Cyber security aggregate rss news

Cyber security aggregator - feeds history


 Firewall Daily

The UK government has taken steps to safeguard consumers from cyberattacks by prohibiting common and easily guessable passwords such as "admin" or "12345". The law comes into effect on 29 April 2024 and will require manufacturers, importers, and distributors of consumer connectable products in the UK to follow the obligations and standards set in the 'UK Product Security and Telecoms Infrastructure (PSTI) Act 2022' as well as the 2023 Regulations under the same act. The law aims to set minimum security standards that must be met before consumer devices can be sold in the UK, to protect UK homes.

UK Government Law Was Passed in 2022; Will Come to Effect this Year

These measures are part of the Product Security and Telecommunications Infrastructure (PSTI) Act passed in 2022 as well as additional laws passed in 2023. These are designed to bolster the UK's resilience against cyber attacks and disruptive interference following growing concerns stemming from a series of incidents and proposed counter-legislation.

A NordPass study in 2023 revealed that "123456, password, qwerty, Liverpool..." were among the most used passwords in the UK. The study highlights that default and weak passwords remain a relevant concern even today.

Besides passwords, the new legislation also seeks to tackle inherent issues in existing incident reporting procedures and update periods. With regard to reporting, the law requires manufacturers to provide consumers with details on reporting security issues within products, and timely updates until resolution; the information should be made available without request and free of charge. The law mandates that such information be "accessible, clear, and transparent."

With regard to updates, the law requires information on minimum update periods to be published and clearly accessible to the consumer in a transparent manner along with an end date. This information must be understandable to a reader without prior technical knowledge.

UK Government Law Could Fine Violators £10 Million or Up to £20,000 a Day

According to the law, the Office for Product Safety and Standards (OPSS) will be responsible for enforcing the act from 29 April 2024.
Manufacturers, vendors, or firms that fail to comply with the regulations could face fines of up to £10 million or four percent of their global turnover, as well as up to £20,000 a day in the case of an ongoing violation.

This new UK law comes as the EU Cyber Resilience Act draft makes the rounds for legislative discussion with the inclusion of recent amendments. The Act obliges manufacturers and retailers to follow minimum security requirements throughout the product lifecycle. Following the passing of the Cyber Resilience Act, expected in early 2024, internet-connected products and software would be required to receive independent assessments to check whether they comply with the new standards.

Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.


 Firewall Daily

The Saline Water Conversion Corporation (SWCC) of Saudi Arabia became the target of a Distributed Denial of Service (DDoS) attack allegedly initiated by the hacktivist group ANON SEC BD on April 25 at 1119 hours UTC. The group claimed responsibility for the alleged cyberattack on SWCC, citing Saudi Arabia's diplomatic stance in the ongoing conflict in Gaza as their motive.

As evidence of the alleged cyberattack on SWCC, ANON SEC BD furnished check-host reports. Despite the claims, upon inspection of the official website of the Saline Water Conversion Corporation, no signs of foul play were detected, as the website remained fully functional.

To further verify the validity of ANON SEC BD's claims, The Cyber Express Team reached out to officials for comment. However, as of the time of writing this news report, no official response has been received, leaving the claim unverified.

Implication of Cyberattack on SWCC

If indeed proven true, the implications of such an attack could be far-reaching, especially considering the critical role of water treatment plants in ensuring public health and safety. A successful cyberattack on a facility of this nature could disrupt the water supply, leading to significant consequences for communities reliant on it.

Without access to clean water, communities would face numerous challenges, including difficulties in maintaining basic hygiene standards, ensuring the safety of food supplies, and providing adequate medical care. Moreover, disruptions to the water supply could have cascading effects on various sectors, impacting industries, agriculture, and essential services. Industries reliant on water for manufacturing processes would face production delays or shutdowns, leading to economic losses and potential job layoffs.

Furthermore, essential services such as firefighting and emergency response rely heavily on access to water. A compromised water supply could hinder the ability of emergency services to effectively respond to crises, putting lives and property at risk.

Beyond immediate consequences, the long-term impacts of a cyberattack on a water treatment plant could be profound. Public trust in the safety and reliability of the water supply could be eroded, leading to social unrest.
Previous Targets Highlight Group's Actions

Prior to this incident, ANON SEC BD had also claimed responsibility for targeting the website of Alnassr F.C., a Saudi Arabian football club. These actions demonstrate the group's capability and willingness to target various entities online.

DDoS attacks involve flooding a target server with overwhelming traffic, rendering it inaccessible to legitimate users. While DDoS attacks themselves don't typically involve data breaches or manipulation of systems, they can cause significant disruption to services and operations.

Complexity Amid International Tensions

The Saline Water Conversion Corporation plays a crucial role in Saudi Arabia's water infrastructure, particularly in desalination projects aimed at providing clean drinking water to its population. Any disruption to its operations could have serious repercussions, affecting not only domestic water supply but also industries reliant on desalinated water, such as agriculture and manufacturing.

The timing of the attack, amid heightened tensions surrounding international conflicts, adds a layer of complexity to the situation. While ANON SEC BD has cited Saudi Arabia's diplomatic stance as their motive, it's essential to note that cyberattacks like these are not uncommon and often stem from a variety of motivations, including ideological, political, or simply seeking attention.

For now, the Saline Water Conversion Corporation remains operational, but the incident serves as a reminder of the ever-present threat posed by cyber-attacks and the need for strong defenses against them.


 Cyber Essentials

A complaint lodged by privacy advocacy group Noyb with the Austrian data protection authority (DSB) alleged that ChatGPT's generation of inaccurate information violates the European Union’s privacy regulations. The Vienna-based digital rights group Noyb, founded by known activist Max Schrems, said in its complaint that ChatGPT's failure to provide accurate personal data, guessing it instead, violates GDPR requirements.

Under GDPR, an individual's personal details, including date of birth, are considered personal data and are subject to stringent handling requirements. The complaint contends that ChatGPT breaches GDPR provisions on privacy, data accuracy, and the right to rectify inaccurate information.

Noyb claimed that OpenAI, the company behind ChatGPT, refused to correct or delete erroneous responses and has withheld information about its data processing, sources, and recipients.

Noyb's data protection lawyer, Maartje de Graaf, said, "If a system cannot produce accurate and transparent results, it cannot be used to generate data about individuals. The technology has to follow the legal requirements, not the other way around."

Citing a report from The New York Times, which found that "chatbots invent information at least 3% of the time - and as high as 27%," Noyb emphasized the prevalence of inaccurate responses generated by AI systems like ChatGPT.

OpenAI’s ‘Privacy by Pressure’ Approach

Luiza Jarovsky, chief executive officer of Implement Privacy, has previously said that artificial intelligence-based large language models follow a "privacy by pressure" approach, meaning “only acting when something goes wrong, when there is a public backlash, or when it is legally told to do so,” Jarovsky said.

She explained this further, citing an incident involving ChatGPT in which people's chat histories were exposed to other users. Jarovsky immediately noticed a warning being displayed to everyone accessing ChatGPT thereafter.

At the beginning of 2023, Jarovsky prompted ChatGPT to give information about her and even shared the link to her LinkedIn profile. But the only correct information that the chatbot responded with was that she was Brazilian.
[Image: Prompt given by Luiza Jarovsky to ChatGPT bot followed by the incorrect response. (Credit: Luiza Jarovsky)]

Although the fake bio seems inoffensive, “showing wrong information about people can lead to various types of harm, including reputational harm,” Jarovsky said. “This is not acceptable,” she tweeted.

She argued that if ChatGPT has "hallucinations," then prompts about individuals should come back empty, and there should be no output containing personal data.

“This is especially important given that core data subjects' rights established by the GDPR, such as the right of access (Article 15), right to rectification (Article 16), and right to erasure (Article 17), don't seem feasible/applicable in the context of generative AI/LLMs, due to the way these systems are trained,” Jarovsky said.

Investigate ChatGPT’s GDPR Violations

The complaint urges the Austrian authority to investigate OpenAI's handling of personal data to ensure compliance with GDPR. It also demands that OpenAI disclose individuals' personal data upon request and seeks imposition of an "effective, proportionate, dissuasive, administrative fine."

The potential consequences of GDPR violations are significant, with penalties amounting to up to 4% of a company's global revenue. OpenAI's response to the allegations remains pending, and the company faces scrutiny from other European regulators as well.

Last year, Italy's data protection authority temporarily banned ChatGPT's operations in the country over similar GDPR concerns, following which the European Data Protection Board established a task force to coordinate efforts among national privacy regulators regarding ChatGPT.


 Compliance

The Federal Communications Commission has fined the largest phone carriers in the country - AT&T, Sprint, T-Mobile and Verizon - $200 million for illegally sharing their customers' location data with third parties, and doing so with inadequate safeguards in place.

Of the four, T-Mobile was fined the most, with more than $80 million, but it will pay another $12 million because Sprint, which it acquired in April 2020, was fined separately for its malpractices prior to the acquisition. AT&T was fined more than $57 million and Verizon nearly $47 million.

The FCC Enforcement Bureau investigations of the four carriers found that each of them sold access to its customers’ location information to aggregators, who then resold access to such information to third-party location-based service providers.

For example, AT&T had arrangements with two location information aggregators, LocationSmart and Zumigo, which, in turn, had arrangements with location-based service providers. “In total, AT&T sold access to its customers’ location information (directly or indirectly) to 88 third-party entities,” the FCC said.

“The largest wireless carriers in the country were selling our real-time location information to data aggregators, allowing this highly sensitive data to wind up in the hands of bail-bond companies, bounty hunters, and other shady actors,” said FCC Chair Jessica Rosenworcel.

The agency stated, "Each carrier attempted to offload its obligations to obtain customer consent onto downstream recipients of location information, which in many instances meant that no valid customer consent was obtained."

Furthermore, when the carriers became aware of the inadequacy of their procedures, they failed to halt the sale of access to location information or adequately safeguard it from unauthorized access.

AT&T and Verizon revealed their intention to appeal the FCC's decision, citing legal and factual discrepancies in the agency's order, while T-Mobile planned to challenge the decision, emphasizing its commitment to safeguarding customer data and labeling the fine as excessive. All three companies highlighted that the program for which they were fined ended approximately five years ago.
Views of the Illegal Data Sharing Whistleblower

Senator Ron Wyden (D-OR), commenting on Monday's action, praised the FCC for penalizing wireless carriers.

“No one who signed up for a cell plan thought they were giving permission for their phone company to sell a detailed record of their movements to anyone with a credit card,” Wyden said. “I applaud the FCC for following through on my investigation and holding these companies accountable for putting customers’ lives and privacy at risk.”

The issue first came to light in 2018 when Wyden discovered the carriers' practices, revealing instances of abuse by government officials and others who obtained location data without proper authorization.

The FCC found the telecom companies' practices in violation of section 222 of the Federal Communications Act, which mandates confidentiality of customer information and affirmative consent before sharing or accessing customer location data.

The FCC’s action comes weeks after the House of Representatives passed the Fourth Amendment Is Not For Sale Act, which would prohibit law enforcement agencies from buying location data and other sensitive information about Americans without a court order. Privacy advocates cheered the bill’s passage, but it now faces an uphill task in the Senate and the White House.


 Data Breach News

Retail and pharmacy chain London Drugs has announced the closure of its stores across Western Canada after falling victim to a cybersecurity incident. The company, headquartered in B.C., took the precautionary measure of temporarily closing its doors until further notice following the discovery of the cyberattack on London Drugs.

London Drugs informed customers of the situation in a statement released on X, formerly known as Twitter. They stated, "On April 28, 2024, London Drugs discovered that it was a victim of a cybersecurity incident. Upon discovering the incident, London Drugs immediately undertook counter measures to protect its network and data, including retaining leading third-party cybersecurity experts to assist with containment, remediation and to conduct a forensic investigation."

Cyberattack on London Drugs: Immediate Response to Protect Data

The closure of stores is out of an abundance of caution, with the company assuring customers that it is taking all necessary steps to address the cyberattack on London Drugs swiftly and effectively.

"Out of an abundance of caution, London Drugs is temporarily closing stores across Western Canada until further notice," reads the notice.

London Drugs emphasized that, at this time, there is no reason to believe that customer or employee data has been impacted by the cyber incident.

"While we deal with this cybersecurity incident, we want to assure our customers that pharmacists are standing by to support any urgent pharmacy needs," London Drugs stated. "We advise customers to phone their local store’s pharmacy to make arrangements."

Temporary Phone Line Shutdown

However, on April 30, London Drugs provided an update, informing customers that as part of its internal investigation, the company's phone lines have been temporarily taken down. This measure is expected to be in place until the investigation is complete.

"As a necessary part of its internal investigation, London Drugs phone lines have been temporarily taken down and will be restored as soon as the investigation is complete," the notice reads.
Despite the temporary closure of phone lines, London Drugs reassured customers that pharmacy staff are available on-site at all store locations to assist with urgent pharmacy needs. Customers are encouraged to visit their local store in-person for immediate support until the phone lines are restored.

The cyberattack on London Drugs highlights the increasing threat of attacks facing businesses, including those in the retail and pharmacy sectors. As more and more transactions move online and data becomes increasingly valuable, organizations are increasingly targeted by malicious actors seeking to exploit vulnerabilities in their systems.

Proactive Response

London Drugs' proactive response to the incident highlights the importance of having strong cybersecurity measures in place and the need for swift action in the event of a breach. By immediately engaging third-party cybersecurity experts and conducting a forensic investigation, the company is taking the necessary steps to contain the incident and mitigate any potential damage.

For customers, the closure of London Drugs stores may cause inconvenience, but the company's commitment to ensuring the security of its systems and the safety of customer data is paramount. In the meantime, customers with urgent pharmacy needs can still access support from London Drugs by visiting their local store in person and speaking directly with pharmacy staff.

The company apologizes for any inconvenience caused by the closure and appreciates the patience and understanding of its customers during this challenging time. As the investigation into the cybersecurity incident continues, London Drugs will provide further updates to keep customers informed of any developments.


 Cyber Essentials

Julius Kivimäki, one of Europe's most sought-after cyber criminals, has been sentenced to more than six years in jail for attempting to blackmail more than 30,000 individuals whose confidential therapy notes he pilfered.

Kivimäki, also known online under the moniker "Zeekill", obtained these notes by breaching the databases of Finland's largest psychotherapy company, Vastaamo, in late 2018 and early 2019.

Following a failed attempt to extort the company for 40 Bitcoins, which were equivalent to about 450,000 Euros at the time, Kivimäki resorted to contacting the patients directly via email and threatening to expose the private information they had shared with their therapists.

The Vastaamo data breach is considered the largest and one of the most disturbing breaches in Finnish history in terms of the sheer overall impact of the hacking incident.

Despite maintaining his innocence throughout the proceedings, Kivimäki, now aged 26, evaded authorities and was arrested in Paris under an assumed identity. Even during the trial, he absconded for over a week after refusing to return to prison as ordered by the court.

The judges, upon rendering their verdict, found Kivimäki guilty on all counts, condemning his blackmail as "ruthlessly taking advantage of another person's vulnerability." The BBC first reported the conviction.

The severity of Kivimäki’s sentence, six years and three months, marks the culmination of a cybercrime spree that commenced when he was merely 13 years old.

Kivimäki was a prominent figure amongst teenage cyber gangs that operated between 2009 and 2015. He was arrested in 2013 at the age of 15, but received a juvenile non-custodial two-year suspended sentence.

The lenient punishment likely failed to dissuade him, as Kivimäki was swiftly implicated in several other hacks carried out with adolescent cohorts before vanishing for years.

Kivimäki’s name resurfaced in 2020 in connection with the Vastaamo hack, where, after failed negotiations with the company, he demanded $240 from the patients in exchange for deleting their sensitive information.

Kivimäki himself led law enforcement back to him.
Finnish investigators from the National Bureau of Investigation (KRP), in collaboration with Binance, followed the trail of payments to Kivimäki, who exchanged the funds for Monero and then exchanged them back to Bitcoin. Digital forensics and cryptocurrency tracing played pivotal roles in securing his conviction.

"Taking into account Vastaamo's position as a company producing mental health services, Kivimäki has caused great suffering or the risk of it to the interested parties," the BBC cited the verdict document as saying.

Vastaamo's CEO, Ville Tapio, was also found guilty of failing to safeguard customers' confidential data. Investigations revealed that the company's databases were susceptible to exploitation due to inadequate safeguards.

Tapio received a suspended three-month prison sentence last year, while the Office of the Data Protection Ombudsman imposed an administrative financial sanction of 608,000 euros on Vastaamo.


 Firewall Daily

The LockBit ransomware group has allegedly claimed responsibility for an earlier Cannes Hospital cyberattack impacting the Cannes Simone Veil Hospital Center (Centre Hospitalier de Cannes).

The Cannes Simone Veil Hospital Center, also known as the Broussailles Hospital, was named after former French health minister Simone Veil. The hospital offers patient facilities such as anesthesia, surgery, ENT, ophthalmology, dentistry, mental health, and senior care.

While the hospital was quick to implement stringent containment measures, ongoing investigations did not find evidence of data theft or direct ties to any threat actor groups.

Staff Forced to Degrade Services After Cannes Hospital Cyberattack

After the cyberattack, medical professionals were forced to switch to pen, paper, and manual processes to continue to provide essential healthcare services such as emergency care, surgery, obstetrics, and pediatrics to patients. Telephony services continue to work normally.

Even weeks after the attack, the site still maintains a notice of the cybersecurity attack. The notice reads that the hospital staff is investigating the cyberattack in conjunction with experts (ANSSI, Cert Santé, Orange CyberDéfense, GHT06). Further, the notice stated that while the investigation remains ongoing, there have not yet been any ransom demands or identification of data theft operations.

Cybersecurity analyst Dominic Alvieri, on X (Twitter), shared an alleged LockBit claim of responsibility for the earlier incident.

If the claims are true, the Cannes Simone Veil Hospital Center would be one of the latest victims in a series of recent cyberattacks claimed by LockBit after the ransomware group's operations were disrupted following joint action from the FBI, the UK's NCA, and Europol.

LockBit Ransomware Group Apologised for Earlier Cyberattack on Children's Hospital

Since healthcare remains a sensitive target for cyberattacks, many threat actor groups have made claims or suggested they would avoid such targets in their operations.
During the Covid-19 pandemic, the Maze ransomware group announced that they would not target healthcare organizations. Later the group was found to continue targeting healthcare units in its operations.

Last year, in January 2023, LockBit apologized on its data leak site for an attack on Toronto's Hospital for Sick Children, blamed a partner for the attack, claimed to have blocked the partner allegedly responsible, and offered code to restore the affected systems.

The cyberattack had significant consequences for the pediatric firm, such as delayed lab and imaging results and the shutdown of phone lines and the staff payroll system.

These incidents highlight that the healthcare system remains vulnerable to cyberattacks, which can have unwelcome effects on patient health, staff functioning, and morale.


 Cyber Essentials

The Department of Homeland Security (DHS), in conjunction with the Cybersecurity and Infrastructure Security Agency (CISA) and the Countering Weapons of Mass Destruction Office (CWMD), has announced a suite of initiatives aimed at securing critical infrastructure and guarding against AI threats.

This announcement comes as the DHS marks the 180-day milestone of President Biden’s Executive Order (EO) 14110, “Safe, Secure, and Trustworthy Development and Use of Artificial Intelligence (AI)”.

Secretary of Homeland Security Alejandro N. Mayorkas emphasized the dual nature of AI, stating, “AI can present transformative solutions for U.S. critical infrastructure, and it also carries the risk of making those systems vulnerable in new ways to critical failures, physical attacks, and cyber attacks. Our Department is taking steps to identify and mitigate those threats."

Securing Critical Infrastructure from AI Threats

DHS, in partnership with CISA, released comprehensive safety and security guidelines designed to address AI threats to critical infrastructure. These guidelines categorize risks into three main areas:

- Attacks Using AI: This includes the use of AI to plan or execute physical or cyber attacks on critical infrastructure.
- Attacks Targeting AI Systems: Targeted attacks on AI systems supporting critical infrastructure.
- Failures in AI Design and Implementation: Deficiencies or inadequacies in AI systems leading to malfunctions or unintended consequences.

To tackle these risks, DHS proposes a four-part mitigation strategy:

- Govern: Establish an organizational culture prioritizing AI risk management.
- Map: Understand individual AI use contexts and risk profiles.
- Measure: Develop systems to assess, analyze, and track AI risks.
- Manage: Prioritize and act upon AI risks to safety and security.

CISA Director Jen Easterly emphasized the importance of these guidelines, stating, “Based on CISA’s expertise as National Coordinator for critical infrastructure security and resilience, DHS’ Guidelines are the agency’s first-of-its-kind cross-sector analysis of AI-specific risks to critical infrastructure sectors and will serve as a key tool to help owners and operators mitigate AI risk."
The CBRN Threat: Preparing for the Unthinkable

The DHS, working closely with its CWMD Office, has produced a report analyzing the potential misuse of AI in the development or production of chemical, biological, radiological, and nuclear (CBRN) threats.

Assistant Secretary for CWMD Mary Ellen Callahan highlighted the importance of this report, stating, “The responsible use of AI holds great promise for advancing science, solving urgent and future challenges, and improving our national security, but AI also requires that we be prepared to rapidly mitigate the misuse of AI in the development of chemical and biological threats,

All Hands on Deck: Department Unites for Goal

In addition to these initiatives, Secretary Mayorkas has spearheaded various efforts to expand DHS’s leadership on AI:

- Artificial Intelligence Safety and Security Board (AISSB): Established to advise DHS and the critical infrastructure community on the safe and secure development and deployment of AI.
- AI Roadmap: A detailed plan for using AI technologies while protecting individuals’ privacy, civil rights, and civil liberties.
- AI Corps: An accelerated hiring initiative aimed at leveraging AI expertise across strategic areas of the homeland security enterprise.

These efforts highlight DHS’s commitment to advancing the responsible use of AI for homeland security missions while mitigating its associated risks. In the face of evolving threats, DHS remains steadfast in its dedication to safeguarding the nation’s critical infrastructure and ensuring the safe and secure integration of AI technologies.


 Ne'er-Do-Well News

A 26-year-old Finnish man was sentenced to more than six years in prison today after being convicted of hacking into an online psychotherapy clinic, leaking tens of thousands of patient therapy records, and attempting to extort the clinic and patients.

On October 21, 2020, the Vastaamo Psychotherapy Center in Finland became the target of blackmail when a tormentor identified as “ransom_man” demanded payment of 40 bitcoins (~450,000 euros at the time) in return for a promise not to publish highly sensitive therapy session notes Vastaamo had exposed online.

Ransom_man announced on the dark web that he would start publishing 100 patient profiles every 24 hours. When Vastaamo declined to pay, ransom_man shifted to extorting individual patients. According to Finnish police, some 22,000 victims reported extortion attempts targeting them personally, targeted emails that threatened to publish their therapy notes online unless paid a 500 euro ransom.

Finnish prosecutors quickly zeroed in on a suspect: Julius “Zeekill” Kivimäki, a notorious criminal hacker convicted of committing tens of thousands of cybercrimes before he became an adult. After being charged with the attack in October 2022, Kivimäki fled the country. He was arrested four months later in France, hiding out under an assumed name and passport.

Antti Kurittu is a former criminal investigator who worked on an investigation involving Kivimäki’s use of the Zbot botnet, among other activities Kivimäki engaged in as a member of the hacker group Hack the Planet (HTP).

Kurittu said the prosecution had demanded at least seven years in jail, and that the sentence handed down was six years and three months. Kurittu said prosecutors knocked a few months off of Kivimäki’s sentence because he agreed to pay compensation to his victims, and that Kivimäki will remain in prison during any appeal process.

“I think the sentencing was as expected, knowing the Finnish judicial system,” Kurittu told KrebsOnSecurity.
“As Kivimäki has not been sentenced to a non-suspended prison sentence during the last five years, he will be treated as a first-timer, his previous convictions notwithstanding.” But because juvenile convictions in Finland don’t count towards determining whether somebody is a first-time offender, Kivimäki will end up serving approximately half of his sentence. “This seems like a short sentence when taking into account the gravity of his actions and the life-altering consequences to thousands of people, but it’s almost the maximum the law allows for,” Kurittu said. Kivimäki initially gained notoriety as a self-professed member of the Lizard Squad, a mainly low-skilled hacker group that specialized in DDoS attacks. But American and Finnish investigators say Kivimäki’s involvement in cybercrime dates back to at least 2008, when he was introduced to a founding member of what would soon become HTP. Finnish police said Kivimäki also used the nicknames “Ryan”, “RyanC” and “Ryan Cleary” (Ryan Cleary was actually a member of a rival hacker group — LulzSec — who was sentenced to prison for hacking). Kivimäki and other HTP members were involved in mass-compromising web servers using known vulnerabilities, and by 2012 Kivimäki’s alias Ryan Cleary was selling access to those servers in the form of a DDoS-for-hire service. Kivimäki was 15 years old at the time. In 2013, investigators going through devices seized from Kivimäki found computer code that had been used to crack more than 60,000 web servers using a previously unknown vulnerability in Adobe’s ColdFusion software. KrebsOnSecurity detailed the work of HTP in September 2013, after the group compromised servers inside data brokers LexisNexis, Kroll, and Dun & Bradstreet. The group used the same ColdFusion flaws to break into the National White Collar Crime Center (NWC3), a non-profit that provides research and investigative support to the U.S. Federal Bureau of Investigation (FBI). 
As KrebsOnSecurity reported at the time, this small ColdFusion botnet of data broker servers was being controlled by the same cybercriminals who’d assumed control over SSNDOB, which operated one of the underground’s most reliable services for obtaining Social Security Number, dates of birth and credit file information on U.S. residents. Kivimäki was responsible for making an August 2014 bomb threat against former Sony Online Entertainment President John Smedley that grounded an American Airlines plane. Kivimäki also was involved in calling in multiple fake bomb threats and “swatting” incidents — reporting fake hostage situations at an address to prompt a heavily armed police response to that location. Ville Tapio, the former CEO of Vastaamo, was fired and also prosecuted following the breach. Ransom_man bragged about Vastaamo’s sloppy security, noting the company had used the laughably weak username and password “root/root” to protect sensitive patient records. Investigators later found Vastaamo had originally been hacked in 2018 and again in 2019. In April 2023, a Finnish court handed down a three-month sentence for Tapio, but that sentence was suspended because he had no previous criminal record.

 Malware and Vulnerabilities

Zloader, a modular trojan based on the leaked ZeuS source code, has recently introduced a new anti-analysis feature in versions 2.4.1.0 and 2.5.1.0 to prevent execution on machines that differ from the original infection.

 Security Products & Services

The Product Security and Telecommunications Infrastructure (PSTI) Act has come into effect, requiring manufacturers of consumer-grade IoT products sold in the UK to stop using guessable default passwords and have a vulnerability disclosure policy.

 Incident Response, Learnings

The FCC has fined four major U.S. wireless carriers - AT&T, Sprint, T-Mobile, and Verizon - a total of nearly $200 million for unlawfully selling access to their customers' real-time location data without consent.

 Security Products & Services

Microsoft has released a new open-source security tool to close gaps in threat analysis for industrial control systems and help address increased nation-state attacks on critical infrastructure.

 Companies to Watch

KnowBe4, a Tampa Bay, FL-based provider of a security awareness training and simulated phishing platform, is to acquire Egress Software Technologies, a London, UK-based company that specializes in adaptive and integrated cloud email security.

 Security Products & Services

Prompt Fuzzer is interactive and user-friendly, allowing users to repeat the process as many times as needed to harden their system prompts and see their security score increase as the prompt becomes more resilient.

 Feed

Ubuntu Security Notice 6758-1 - It was discovered that the JSON5 parse method incorrectly handled the parsing of keys named __proto__. An attacker could possibly use this issue to pollute the prototype of the returned object, setting arbitrary or unexpected keys, and cause a denial of service, allow unintended access to network services or have other unspecified impact, depending on the application's use of the module.

 Feed

Ubuntu Security Notice 6761-1 - It was discovered that Anope did not properly process credentials for suspended accounts. An attacker could possibly use this issue to log in to the platform normally as a suspended user after changing their password.

 Feed

Ubuntu Security Notice 6759-1 - It was discovered that FreeRDP incorrectly handled certain memory operations. If a user were tricked into connecting to a malicious server, a remote attacker could possibly use this issue to cause FreeRDP to crash, resulting in a denial of service.

 Feed

Ubuntu Security Notice 6757-1 - It was discovered that PHP incorrectly handled the PHP_CLI_SERVER_WORKERS variable. An attacker could possibly use this issue to cause a crash or execute arbitrary code. This issue only affected Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. It was discovered that PHP incorrectly handled certain cookies. An attacker could possibly use this issue to perform a cookie bypass.

 Feed

Red Hat Security Advisory 2024-2456-03 - An update for grub2 is now available for Red Hat Enterprise Linux 9. Issues addressed include code execution, out of bounds read, and out of bounds write vulnerabilities.

 Feed

Red Hat Security Advisory 2024-2394-03 - An update for kernel is now available for Red Hat Enterprise Linux 9. Issues addressed include code execution, double free, integer overflow, memory exhaustion, memory leak, null pointer, out of bounds access, out of bounds read, out of bounds write, privilege escalation, and use-after-free vulnerabilities.

 Feed

Red Hat Security Advisory 2024-2387-03 - An update for mod_jk and mod_proxy_cluster is now available for Red Hat Enterprise Linux 9. Issues addressed include cross site scripting and information leakage vulnerabilities.

 Feed

The U.K. National Cyber Security Centre (NCSC) is calling on manufacturers of smart devices to comply with new legislation that prohibits them from using default passwords, effective April 29, 2024. "The law, known as the Product Security and Telecommunications Infrastructure act (or PSTI act), will help consumers to choose smart devices that have been designed to

 Feed

Cybersecurity researchers have discovered multiple campaigns targeting Docker Hub by planting millions of malicious "imageless" containers over the past five years, once again underscoring how open-source registries could pave the way for supply chain attacks. "Over four million of the repositories in Docker Hub are imageless and have no content except for the repository

 Feed

The U.S. government has unveiled new security guidelines aimed at bolstering critical infrastructure against artificial intelligence (AI)-related threats. "These guidelines are informed by the whole-of-government effort to assess AI risks across all sixteen critical infrastructure sectors, and address threats both to and from, and involving AI systems," the Department of Homeland Security (DHS)

 Cyber Security News

Source: www.databreachtoday.com – Author: 1 Governance & Risk Management, Privacy, Standards, Regulations & Compliance Commission Approves Long-Anticipated Fines for Verizon, T-Mobile, AT&T and Sprint Chris Riotta (@chrisriotta) • April 29, 2024 The U.S. Federal Communications Commission fined mobile carriers for selling customer location information. The Federal Communications Commission announced […] The post FCC Fines US Cell Carriers $200M for Selling Location Data – Source: www.databreachtoday.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

Source: www.databreachtoday.com – Author: 1 Shan Rao Group Product Manager, Google Cloud Shan Rao leads Google’s AI Security and Privacy initiatives as the Group Product Manager. He has spearheaded the development of innovative products that ensure the security and privacy of billions of users across Google’s core infrastructure, Google Cloud, and Android devices. Before joining […] The post Live Webinar | Protecting Your AI: Strategies for Securing AI Systems – Source: www.databreachtoday.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

Source: www.databreachtoday.com – Author: 1 Artificial Intelligence & Machine Learning, Next-Generation Technologies & Secure Development, Recruitment & Reskilling Strategy How ChatGPT Can Help You Write Your Job Application Documents Brandy Harris • April 24, 2024 In a competitive job market, standing out from the crowd is crucial. Artificial […] The post Harnessing AI: A Step-by-Step Guide for Job Seekers – Source: www.databreachtoday.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

Source: www.databreachtoday.com – Author: 1 Privileged Access Management, Security Operations Hashi Leads in Secrets Management But Lags in Privileged Access. What’s Next? Michael Novinson (MichaelNovinson) • April 25, 2024 Security might not be top of mind when thinking about HashiCorp, but IBM’s $6.4 billion acquisition will have major implications for the privileged […] The post What IBM Purchasing HashiCorp Means for Secrets Management – Source: www.databreachtoday.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

 career

Source: www.databreachtoday.com – Author: 1 CISO Trainings, Legislation & Litigation, Professional Certifications & Continuous Training High Demand for Experts Who Know Law Plus AI, Blockchain and Internet of Things Brandy Harris • April 29, 2024 The intersection of technology and legal frameworks is certainly not new, but it […] The post Career Spotlight: Growing Need for Technology Legal Analysts – Source: www.databreachtoday.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

 Building

Source: www.databreachtoday.com – Author: 1 Managed service providers face significant challenges in developing effective security strategies due to having to manage multiple small customers and a broad array of products. MSPs need a streamlined approach to address the operational and billing difficulties associated with having to handle a plethora of vendors and security tools, according […] The post Building Security for MSPs: Cisco’s Blueprint for Success – Source: www.databreachtoday.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

 benefits

Source: www.databreachtoday.com – Author: 1 More companies and their CISOs are embracing hybrid and cloud-native infrastructure. There are two drivers for this, according to Ganesh Pai, founder and CEO of Uptycs: The first is the emergent need for software supply chain visibility, and the second is the need to rationalize software tooling, which makes best-of-breed […] The post Benefits of a Unified CNAPP and XDR Platform – Source: www.databreachtoday.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

Source: www.databreachtoday.com – Author: 1 Nastassia Tamari of the FDA on Top Challenges During Premarket Device Submissions Marianne Kolbasuk McGee (HealthInfoSec) • April 24, 2024 17 Minutes Nastassia Tamari, division director for medical device cybersecurity, U.S. Food and Drug Administration Medical device makers submitting products for premarket approval by the Food and […] The post Major Areas of Cybersecurity Focus for Medical Device Makers – Source: www.databreachtoday.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

Source: www.databreachtoday.com – Author: 1 While most healthcare sector organizations hit with ransomware attacks never imagine giving in to extortion demands, the pressures they face in dealing with the crisis often push about half of them to pay, said attorney Lynn Sessions of BakerHostetler, speaking about the firm’s healthcare clients. “No one ever goes on […] The post Why Many Healthcare Sector Entities End Up Paying Ransoms – Source: www.databreachtoday.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

 Building

Source: www.databreachtoday.com – Author: 1 Ed Adams CEO, Security Innovation Mr. Adams is a software quality and security expert with 20+ years of industry experience. He has been CEO of Security Innovation since 2003. A Ponemon Institute Research Fellow, Adams was named a Privacy by Design Ambassador by the Information & Privacy Commissioner of Canada […] The post Live Webinar | Building Security from Within: Empowering Software Teams for Cyber Resilience – Source: www.databreachtoday.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

 BLEEPINGCOMPUTER

Source: www.bleepingcomputer.com – Author: Bill Toulas A new cluster of activity tracked as “Muddling Meerkat” is believed to be linked to a Chinese state-sponsored threat actor’s manipulation of DNS to probe networks globally since October 2019, with a spike in activity observed in September 2023. A notable aspect of Muddling Meerkat’s activity is the manipulation of […] The post Muddling Meerkat hackers manipulate DNS using China’s Great Firewall – Source: www.bleepingcomputer.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

 BLEEPINGCOMPUTER

Source: www.bleepingcomputer.com – Author: Sergiu Gatlan The Federal Communications Commission (FCC) has fined the largest U.S. wireless carriers almost $200 million for sharing their customers’ real-time location data without their consent. FCC’s forfeiture orders finalize Notices of Apparent Liability (NAL) issued against AT&T, Sprint, T-Mobile, and Verizon in February 2020. The fines imposed on Monday include $12 million for Sprint and $80 million for T-Mobile (the two carriers have […] The post FCC fines carriers $200 million for illegally sharing user location – Source: www.bleepingcomputer.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

 BLEEPINGCOMPUTER

Source: www.bleepingcomputer.com – Author: Sergiu Gatlan Canadian pharmacy chain London Drugs has closed all its retail stores to contain what it described as a “cybersecurity incident.” The company has also hired external experts to investigate the cyberattack that impacted its systems over the weekend. “On April 28, 2024, London Drugs discovered that it was the […] The post London Drugs pharmacy chain closes stores after cyberattack – Source: www.bleepingcomputer.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

 BLEEPINGCOMPUTER

Source: www.bleepingcomputer.com – Author: Bill Toulas The FBI is warning of fake verification schemes promoted by fraudsters on online dating platforms that lead to costly recurring subscription charges. The public service announcement explains that contrary to romance scams that often combine investment fraud like “pig butchering,” these verification schemes rely on recurring monthly charges for the victim. […] The post FBI warns of fake verification schemes targeting dating app users – Source: www.bleepingcomputer.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

 BLEEPINGCOMPUTER

Source: www.bleepingcomputer.com – Author: Bill Toulas Google blocked 2.28 million Android apps from being published on Google Play after finding various policy violations that could threaten users’ security. Additionally, the tech giant reports that it identified and blocked 333,000 Google Play accounts that uploaded malware, fraudulent apps, or engaged in repeated grave policy violations. For comparison, in […] The post Google rejected 2.28 million risky Android apps from Play store in 2023 – Source: www.bleepingcomputer.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

 BLEEPINGCOMPUTER

Source: www.bleepingcomputer.com – Author: Sergiu Gatlan Microsoft has fixed a known issue causing incorrect BitLocker drive encryption errors in some managed Windows environments. The company said that Intune is among the MDM platforms affected by the bug and confirmed that third-party MDM solutions might also be impacted. However, when it acknowledged this in October, it clarified that […] The post Microsoft fixes bug behind incorrect BitLocker encryption errors – Source: www.bleepingcomputer.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

 BLEEPINGCOMPUTER

Source: www.bleepingcomputer.com – Author: Bill Toulas Financial Business and Consumer Solutions (FBCS) is warning 1,955,385 impacted individuals in the United States that the company suffered a data breach after discovering unauthorized access to specific systems in its network. FBCS is a nationally licensed debt collection agency in the U.S., specializing in collecting unpaid debts from […] The post Collection agency FBCS warns data breach impacts 1.9 million people – Source: www.bleepingcomputer.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

 BLEEPINGCOMPUTER

Source: www.bleepingcomputer.com – Author: Bill Toulas Security researchers analyzing phishing campaigns that target United States Postal Service (USPS) saw that the traffic to the fake domains is typically similar to what the legitimate site records and it is even higher during holidays. Phishing operations typically target people’s sensitive information (account credentials, card details) or try […] The post US Post Office phishing sites get as much traffic as the real one – Source: www.bleepingcomputer.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

 BLEEPINGCOMPUTER

Source: www.bleepingcomputer.com – Author: Sergiu Gatlan Some Google Chrome users report having issues connecting to websites, servers, and firewalls after Chrome 124 was released last week with the new quantum-resistant X25519Kyber768 encapsulation mechanism enabled by default. Google started testing the post-quantum secure TLS key encapsulation mechanism in August and has now enabled it in the latest Chrome version for all users. […] The post Google Chrome’s new post-quantum cryptography may break TLS connections – Source: www.bleepingcomputer.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

 BLEEPINGCOMPUTER

Source: www.bleepingcomputer.com – Author: Bill Toulas Okta warns of an “unprecedented” spike in credential stuffing attacks targeting its identity and access management solutions, with some customer accounts breached in the attacks. Threat actors use credential stuffing to compromise user accounts by trying out in an automated manner lists of usernames and passwords typically purchased from cybercriminals. […] The post Okta warns of “unprecedented” credential stuffing attacks on customers – Source: www.bleepingcomputer.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

Source: www.tripwire.com – Author: Graham Cluley What’s going on? A wave of cheap, crude, amateurish ransomware has been spotted on the dark web – and although it may not make as many headlines as LockBit, Rhysida, and BlackSuit, it still presents a serious threat to organizations. What’s “junk gun” ransomware? It’s a name coined by […] The post “Junk gun” ransomware: the cheap new threat to small businesses – Source: www.tripwire.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

Source: www.bitdefender.com – Author: Graham Cluley Czech news agency ČTK announced on Tuesday that a hacker had managed to break into its systems and published fake news reports of a plot to murder the president of a neighbouring country. One of the false stories published by the hacker in Czech and English claimed that Czechia’s […] The post Hacker posts fake news story about Ukrainians trying to kill Slovak President – Source: www.bitdefender.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

 Council

Source: grahamcluley.com – Author: Graham Cluley Leicester City Council suffers a crippling ransomware attack, and a massive data breach, but is it out of the dark yet? And as election fever hits India we take a close eye at deepfakery. All this and more is discussed in the latest edition of the “Smashing Security” podcast […] The post Smashing Security podcast #369: Keeping the lights on after a ransomware attack – Source: grahamcluley.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

 Council

Source: www.bitdefender.com – Author: Graham Cluley The UK’s Leicester City Council was thrown into chaos last month when a crippling cyber attack forced it to shut down its IT systems and phone lines. The INC Ransom group perpetrated the ransomware attack, which reportedly impacted care home workers and the homeless but also saw at least […] The post City street lights “misbehave” after ransomware attack – Source: www.bitdefender.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

Source: www.infosecurity-magazine.com – Author: 1 New ransomware gangs have already filled the void left by LockBit and ALPHV/BlackCat in the first quarter of 2024, according to a new report by Corvus Insurance. In its latest ransomware report, Ransomware Groups Don’t Die, They Multiply, published on April 30, the cyber insurance firm found that ransomware activity […] The post Ransomware Rising Despite Takedowns, Says Corvus Report – Source: www.infosecurity-magazine.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

 Breach

Source: www.infosecurity-magazine.com – Author: 1 The Information Commissioner’s Office (ICO) has called for stronger protections for people living with HIV who are being denied “basic dignity and privacy” by repeated data breaches that disclose their HIV status. This comment comes as the ICO has fined the Central YMCA £7,500 for a data breach that affected […] The post YMCA Fined for Data Breach, ICO Raises Concerns About Privacy for People with HIV – Source: www.infosecurity-magazine.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

Source: www.infosecurity-magazine.com – Author: 1 Three large-scale malware campaigns have infiltrated Docker Hub, deploying millions of malicious “imageless” containers. The data comes from JFrog’s security research team, which recently revealed a concerning trend within Docker Hub. The platform, known for facilitating Docker image development, collaboration and distribution, hosts over 12.5 million repositories. However, according to JFrog, […] The post Millions of Malicious Containers Found on Docker Hub – Source: www.infosecurity-magazine.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

Source: www.infosecurity-magazine.com – Author: 1 Meta is under scrutiny for failing to tackle disinformation on its social media platforms. The EU Commission opened a probe on April 30 to investigate Facebook’s and Instagram’s alleged failures to tackle deceptive advertising and disinformation ahead of the European Parliament election in June. The investigation will assess whether Meta’s […] The post Disinformation: EU Opens Probe Against Facebook and Instagram Ahead of Election – Source: www.infosecurity-magazine.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

Source: news.sophos.com – Author: Doug Aamoth PRODUCTS & SERVICES The IDC MarketScape evaluates the capabilities and business strategies of managed detection and response service providers worldwide. We are delighted to announce that Sophos has been named a Leader in the IDC MarketScape: Worldwide Managed Detection and Response (MDR) 2024 Vendor Assessment (doc #US49006922, April 2024). […] The post Sophos named a Leader in the 2024 IDC MarketScape for Worldwide Managed Detection and Response (MDR) – Source: news.sophos.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

Source: news.sophos.com – Author: Sally Adam PRODUCTS & SERVICES Our fifth annual report reveals how ransomware experiences have changed over the last year, plus brand-new insights into the business impact of an attack. The fifth Sophos State of Ransomware Report reveals the real-world ransomware experiences of 5,000 organizations around the globe, from root cause through […] The post The State of Ransomware 2024 – Source: news.sophos.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

2024-04
Aggregator history
Tuesday, April 30