By Eyal Arazi, senior security solutions lead for Radware

The cybersecurity landscape evolved rapidly in 2023. In particular, there was a significant shift in Distributed Denial of Service (DDoS) attack patterns. Malicious actors are turning to a new form of DDoS attack, moving up the network stack from layers 3 and 4 to layer 7, with their sights set on compromising online applications and APIs as well as essential infrastructure such as the Domain Name System (DNS).

Unlike traditional DDoS attacks, which often involve overwhelming network traffic, this new wave of HTTP Floods, also known as Web DDoS Tsunami Attacks, focuses on the application layer, where it can go undetected by traditional defense systems and has famously taken down websites and networks. These attacks know no boundaries and strike without regard for company size, industry or geography. Some of the best intelligence for how to deal with Tsunamis comes from studying real-world attacks.

What is a Web DDoS Tsunami?

While HTTP Floods have been common for many years, they have been re-imagined by hackers combining network and application layer attacks to create new, more aggressive Web DDoS Tsunamis. The malicious actors claiming responsibility for many of these attacks are state-sponsored groups or cyber hacktivists.

The real-world Tsunamis we have seen are characterized by multiple attack waves that often top several million requests per second (RPS), last for hours and span days. In contrast to years past, today's HTTP Floods ramp faster than their predecessors. To further confound security teams, they defy detection by appearing as legitimate traffic and by using evasion techniques such as randomized headers and IP spoofing.

Radware's recent Global Threat Analysis Report underscores the alarming rise in malicious web application and API transactions in 2023. The total number of these transactions surged by 171% in 2023 compared to 2022, a substantial escalation over the 128% increase observed in 2022 compared to 2021. A significant portion of the surge can be attributed to the rise in layer 7 encrypted web application attacks like the Web DDoS Tsunami.

Real World Case Studies

Large National Bank

According to Radware's Global Threat Analysis Report, finance institutions saw the highest share of cyber attacks in 2023, shouldering nearly 30% of attacks globally. One prominent banking institution found itself the center of a relentless barrage of Web DDoS Tsunami Attacks. During a span of several days, it experienced 12 separate attack waves, typically 2-3 per day. Multiple waves exceeded 1 million RPS, with one wave peaking at nearly 3 million RPS, significantly more than the bank's typical traffic level of less than 1000 RPS. Simultaneously, attackers launched multiple network-layer volumetric attacks exceeding 100 gigabits per second (Gbps). The attacks used a variety of attack vectors, including HTTP/S Floods, UDP Fragmentation Attacks, TCP Handshake Violations, SYN Floods, and more. Figure 1 below shows one of the attacks, with a peak wave of nearly 3 million RPS.

Figure 1: A Web DDoS Tsunami at a large bank

Major Insurance Company

The volumetric and persistent nature of Web DDoS Attacks was also on display during a recent attack at a major insurance company. The company experienced several large-scale attack waves, reaching hundreds of thousands of RPS, with multiple waves peaking at more than 1 million RPS. The largest assault reached 2.5 million RPS. The attacks far surpassed the company's typical traffic rate of several hundred RPS, overwhelming its application infrastructure and disrupting operations. To make the situation even more complicated, attackers combined some of the attack waves with network-layer volumetric attacks exceeding 100 Gbps in data volume. The attack vectors included Web DDoS Tsunamis (HTTP/S Floods), DNS Floods, DNS Amplification Attacks, UDP Floods, UDP Fragmentation Attacks, NTP Floods, ICMP Floods, and more.

One of the attacks, represented in Figure 2, consisted of multiple waves during a three-hour period, with several peaks reaching one million RPS and multiple spikes topping 2.5 million RPS.

Figure 2: A Web DDoS Tsunami at a major insurance company

Telecommunications Company

Like financial institutions, telecommunication organizations continue to be a high-value target among malicious actors because of the lucrative data they store and the widespread disruption and publicity they generate when breached. Case in point: a European telecommunications company was the repeated target of state-backed attack groups. It battled a persistent Web DDoS Tsunami Attack of approximately 1 million RPS almost continuously for nearly two hours. Traffic peaked at 1.6 million RPS. See Figure 3.

Figure 3: A Web DDoS Tsunami at a telecommunications company

These are just a few examples of the profile of the modern Web DDoS Tsunami Attack. What we know is that they are relentless. Rates and volumes exceed the capacity of on-prem solutions. They are deceptive and sophisticated, appearing as legitimate traffic and morphing over time. And they can cause considerable disruption and damage to an organization.

How to Defend Against Web DDoS Tsunamis

To combat Web DDoS Tsunamis, there needs to be a fundamental shift in how organizations think about their defense strategies. Detecting these attacks requires decryption and deep inspection of the L7 traffic headers, which network-based DDoS protection solutions were not built to do. Standard on-prem or cloud-based WAFs fail to keep up with the scale and randomization. And rate-limiting techniques have a major negative effect on legitimate traffic.

Instead, what organizations need are solutions that leverage adaptive, AI-driven algorithms designed to distinguish between legitimate traffic surges and malicious attack traffic. These algorithms can quickly detect unknown malicious requests and generate new signatures for them on the fly, ensuring robust protection without impeding legitimate traffic flow. A new era of Web DDoS Tsunamis has arrived, and it requires companies to take a new proactive and adaptive approach to cybersecurity if they do not want to be the next to be caught off guard.

Disclaimer: The views and opinions expressed in this guest post are solely those of the author(s) and do not necessarily reflect the official policy or position of The Cyber Express. Any content provided by the author is of their opinion and is not intended to malign any religion, ethnic group, club, organization, company, individual, or anyone or anything.
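A scaled-down version of the detection logic the Radware piece describes (request rate against a learned baseline, header randomization as an evasion indicator, and a signature derived on the fly from the burst), written here as an added example that is not Radware's code. The tab-separated log format, the constructed traffic with its documentation-range IPs, the thresholds and all function names are assumptions; the logs are taken to be already decrypted.

```python
"""Detect a Web DDoS Tsunami-style wave in (already decrypted) access logs and derive a signature."""
import random
from collections import Counter
from dataclasses import dataclass


@dataclass(frozen=True)
class Request:
    ts: int     # epoch second
    ip: str
    path: str   # request path without query string
    ua: str     # User-Agent header


def parse_log(lines):
    """Parse constructed lines of the form '<epoch>\t<ip>\t<METHOD /path?query>\t<user-agent>'."""
    reqs = []
    for line in lines:
        ts, ip, reqline, ua = line.rstrip("\n").split("\t", 3)
        path = reqline.split(" ", 1)[1].split("?", 1)[0]
        reqs.append(Request(int(ts), ip, path, ua))
    return reqs


def detect_waves(reqs, baseline_rps, factor=10.0):
    """Return (start, end, peak_rps) for every run of seconds whose RPS exceeds factor * baseline_rps."""
    series = Counter(r.ts for r in reqs)
    threshold = baseline_rps * factor
    waves, start, peak = [], None, 0
    for sec in range(min(series), max(series) + 2):   # +2 so a wave on the last second is closed
        hot = series.get(sec, 0) > threshold
        if hot:
            if start is None:
                start, peak = sec, 0
            peak = max(peak, series[sec])
        elif start is not None:
            waves.append((start, sec - 1, peak))
            start = None
    return waves


def header_diversity(reqs):
    """Distinct User-Agents per request: near 0 for normal traffic, near 1 when headers are randomized."""
    return len({r.ua for r in reqs}) / len(reqs) if reqs else 0.0


def derive_signature(burst, baseline):
    """Signature = dominant burst path (if >80% of the burst) plus 'UA never seen in baseline' when UAs look randomized."""
    top_path, count = Counter(r.path for r in burst).most_common(1)[0]
    return {
        "path": top_path if count / len(burst) > 0.8 else None,
        "unknown_ua": header_diversity(burst) > 0.5,
        "known_uas": frozenset(r.ua for r in baseline),
    }


def matches(sig, req):
    """True if the request would be blocked by the signature."""
    if sig["path"] is not None and req.path != sig["path"]:
        return False
    if sig["unknown_ua"] and req.ua in sig["known_uas"]:
        return False
    return True


def analyze(lines, baseline_seconds=60, factor=10.0):
    """Learn a baseline from the first baseline_seconds, then report each wave with its signature and hit rates."""
    reqs = parse_log(lines)
    t0 = min(r.ts for r in reqs)
    baseline = [r for r in reqs if r.ts < t0 + baseline_seconds]
    base_rps = len(baseline) / baseline_seconds
    report = []
    for start, end, peak in detect_waves(reqs, base_rps, factor):
        burst = [r for r in reqs if start <= r.ts <= end]
        sig = derive_signature(burst, baseline)
        report.append({
            "start": start, "end": end, "peak_rps": peak, "ratio_to_baseline": round(peak / base_rps, 1),
            "ua_diversity": round(header_diversity(burst), 3), "signature_path": sig["path"],
            "blocks_burst": sum(matches(sig, r) for r in burst) / len(burst),            # true-positive rate
            "blocks_baseline": sum(matches(sig, r) for r in baseline) / len(baseline),   # false-positive rate
        })
    return base_rps, report


def build_sample_log(seed=1):
    """Constructed, scaled-down traffic: 60 s of 3-7 RPS from known browsers, then 10 s at 300 RPS with random UAs/IPs."""
    rng = random.Random(seed)
    known_uas = ["Mozilla/5.0 (Windows NT 10.0) Firefox/124.0", "Mozilla/5.0 (Macintosh) Safari/605.1", "curl/8.4.0"]
    paths = ["/", "/login", "/api/search", "/static/app.js"]
    t0, lines = 1_700_000_000, []
    for sec in range(t0, t0 + 60):
        for _ in range(rng.randint(3, 7)):
            ip = "10.0.%d.%d" % (rng.randint(0, 3), rng.randint(1, 200))
            lines.append("%d\t%s\tGET %s\t%s" % (sec, ip, rng.choice(paths), rng.choice(known_uas)))
    for sec in range(t0 + 60, t0 + 70):
        for _ in range(300):
            ip = "203.0.113.%d" % rng.randint(1, 254)   # documentation range, constructed spoofed sources
            ua = "Mozilla/5.0 (rnd-%010x) Chrome/%d.0" % (rng.getrandbits(40), rng.randint(70, 124))
            lines.append("%d\t%s\tGET /api/search?q=%08x\t%s" % (sec, ip, rng.getrandbits(32), ua))
    return lines


if __name__ == "__main__":
    base, report = analyze(build_sample_log())
    print("baseline RPS: %.1f" % base)
    for wave in report:
        print(wave)
```

The report's blocks_baseline value is the check a practitioner wants before deploying a signature: it is the fraction of known-good traffic the signature would also block, which is the collateral damage the article attributes to plain rate limiting.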
Anonymous Arabia, a ransomware group notorious for its clandestine operations, has allegedly targeted two significant entities in the UAE: Dubai.ae, the country's official website offering a multitude of public services, and the Emirates Water and Electricity Company (EWEC), responsible for managing water and electricity supply in Abu Dhabi and beyond.

While initial assessments suggest minimal impact on these sites, details regarding the motive behind the cyberattacks on UAE entities, the extent of data compromise, or ransom demands remain undisclosed by the perpetrators. Upon inspection of the websites, no signs of foul play were found, as they were functioning properly. However, clarity on the matter awaits official statements from the UAE entities.

Image source: X

Anonymous Arabia Not Alone: UAE Hit by Others Too

Anonymous Arabia targeting UAE entities comes on the heels of another purported cyber onslaught attributed to Stormous Ransomware, allegedly affiliated with the notorious Five Families alliance. Stormous has claimed responsibility for targeting a slew of high-profile UAE entities, including Bayanat, the analytics arm of the government's sovereign wealth fund; Kids.ae, a digital platform for children; the Telecommunications and Digital Regulatory Authority (TDRA); the Federal Authority for Nuclear Regulation (FANR); and the Sharik citizen portal. While Stormous has not divulged specifics of the attacks, it has directed targets to its blog on the Tor network, hinting at potential data leaks if ransom demands are not met.

Prior to these incidents, a much larger cyberattack was claimed by the Five Families alliance, targeting a vast number of UAE entities across various sectors. Governmental and private entities such as the Roads and Transport Authority (RTA), the Ministry of Cabinet Affairs, and several ministries were reportedly compromised. In this alleged cyberattack, the group demanded a 150 BTC ransom (approximately $6.7 million USD at today's exchange rate), threatening to leak stolen data if the demands were not met.

These successive waves of cyberattacks highlight the growing menace posed by ransomware groups to critical infrastructure and government entities. The implications of such attacks are multifaceted and could have far-reaching consequences, including compromised sensitive data, disruptions to essential services, financial losses, and erosion of public trust. The recurrent targeting of UAE entities by ransomware groups raises pertinent questions about the country's cybersecurity posture and the motives driving these malicious actors.

Why UAE is a Target

The UAE's status as a global economic hub and its significant investments in technology and infrastructure make it an attractive target for hackers:

Financial Gain: Attacks on wealthy nations and prominent organizations offer the potential for substantial financial gains through ransom payments or stolen data.

Political Motivations: Hacktivist groups may target UAE entities for political reasons, aiming to disrupt government operations or make political statements.

Critical Infrastructure: The UAE's critical infrastructure, including energy utilities and government services, presents lucrative targets for cybercriminals seeking to cause widespread disruption.

As the UAE grapples with the aftermath of these alleged cyberattacks, vigilance, resilience, and decisive action are imperative to mitigate risks, enhance cyber resilience, and preserve national security in an increasingly digitized world.

Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.
Six Australian members of parliament confirmed today that they were targeted by Chinese state hackers APT31 in a brazen cyberattack whose aim was to gather intelligence on these individuals. The Inter-Parliamentary Alliance on China (IPAC), whose members were victims of this hacking attempt, said, "The politicians confirmed details with both the IPAC Secretariat and the Australian Government." "The apparent intention [of the cyberattack] was to garner sufficient information to mount more sophisticated follow-on attacks, escalating in severity."

Those targeted included Senator James Paterson, Senator Claire Chandler, Senator Alex Antic, David Smith MP, Daniel Mulino MP and Tim Wilson MP.

Security Agencies Chose to Remain Tight-Lipped

Australia's security agencies reportedly received two warnings about Chinese hackers targeting Australian MPs, but they chose not to inform the lawmakers about the cyberattacks. "It is staggering that both the targeted members of parliament and the broader Australian public have been kept in the dark about a direct attempt at cyber interference against Australian parliamentarians," Senator Claire Chandler said. "Incredibly, despite Australian authorities being notified of this hacking attempt in 2022, agencies did not alert my colleagues and I that we had been targeted. It's unacceptable that this information was withheld from us for two years," Chandler added.

The Five Eyes intelligence agency reportedly alerted Australia's security agencies in mid-2021 about attacks that occurred earlier in January. Then, in June 2022, the FBI officially notified Australian authorities about attempts by the Chinese hacking group APT31 to target six Australian MPs. However, the agencies opted against informing the Government or the affected MPs. The IPAC, consisting of 20 Australian MPs, only became aware of the attempted attack when the US Department of Justice indicted seven Chinese hackers in April this year, three years after the initial warning. The National Cyber Security Centre of the United Kingdom also called out the Chinese APT31 actors for their malicious cyber targeting of the UK's democratic institutions and parliamentarians earlier in March.

Following this revelation, MPs demanded an explanation from the Australian Security Intelligence Organisation regarding the lack of notification. After receiving a briefing, they released a joint statement today expressing outrage and demanding a robust response to protect Australian sovereignty. "We were not informed by Australian agencies at any time since 2021 about this targeting," the statement from IPAC members targeted by APT31 said. "This was not an attack on any single party or House of Parliament. This was an attack on Australian parliamentarians from both Houses and both parties who have dared to exercise their legitimate democratic right to criticize Beijing. As such, it was an attack on Parliament as a whole and demands a robust and proportionate response," the IPAC members' statement said.

"It is very worrying for our democracy that elected members of parliament have been targeted by PRC-state sponsored hacking attempts specifically because we have expressed concern about the behavior of the PRC, including human rights violations in Xinjiang and coercive behavior against Australia," Senator Claire Chandler said. "It is in Australia's national interest for Australians to be properly informed about the behavior of the PRC government. The withholding of information about the targeting of Australian elected representatives by state-affiliated cyber criminals means that Australians have been given a misleading impression of the PRC's behavior towards our country," Chandler added.

The targeted IPAC members insisted on being informed about future attempts to target them by state-sponsored groups, for which they have received an assurance from the government. "I welcome the assurance that in future agencies will inform MPs about any attempts by state-sponsored cyber actors to target parliamentarians," Senator Claire Chandler said.

The Australian agencies likely refrained from informing MPs because they considered the attacks crude and unsuccessful, according to Australian news agency The Nightly. Moreover, they occurred during a period when MPs and the public were already being cautioned to enhance their cybersecurity. Paterson, who is also the co-chair of IPAC Australia, denounced the attempted hack. "Targeting parliamentarians, as the CCP has done, is not the act of a friend. It is yet another obstacle to a normal bilateral relationship. We should never hesitate to call out this behavior or be afraid to impose real costs to deter it," he tweeted.

APT31 Used Pixel Tracking Emails

APT31 hackers targeted MPs with pixel tracking emails from a domain pretending to be a news outlet. If opened, these emails tracked the recipients' online behavior. According to the FBI's indictment released last month, the hackers spammed various government individuals worldwide associated with IPAC with more than 10,000 malicious emails that also exploited zero-days and resulted in potential compromise of economic plans, intellectual property and trade secrets.

Last month, FBI Director Christopher Wray highlighted the magnitude of Chinese hacking, stating that it surpassed that of every other major nation combined. He underscored the overwhelming scale of Chinese cyber operations, indicating the challenges faced by law enforcement in countering these threats.
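A mail-side check for the pixel-tracking technique mentioned above, added here as an example that is not taken from the article, the indictment or IPAC: it scans an HTML message body for remote images that would render invisibly, which is what a tracking pixel needs in order to fire unnoticed when the message is opened. The sample message, its example-domain hosts, the recipient token and the function names are constructed assumptions.

```python
"""Flag tracking-pixel images in an HTML e-mail body: remote <img> tags that render tiny or hidden."""
import re
from html.parser import HTMLParser
from urllib.parse import urlparse


def _pixels(value):
    """Parse a width/height attribute such as '1', '1px' or '0'; missing or unparseable counts as large."""
    m = re.match(r"\s*(\d+)", value or "")
    return int(m.group(1)) if m else 10**6


class PixelFinder(HTMLParser):
    """Collects <img> tags whose src is remote and which are sized or styled to be invisible."""

    def __init__(self, sender_domains):
        super().__init__()
        self.sender_domains = {d.lower() for d in sender_domains}
        self.findings = []

    def _is_sender_host(self, host):
        return any(host == d or host.endswith("." + d) for d in self.sender_domains)

    def handle_starttag(self, tag, attrs):
        if tag != "img":
            return
        a = {k.lower(): (v or "") for k, v in attrs}
        url = urlparse(a.get("src", ""))
        if url.scheme not in ("http", "https"):      # cid:/data: inline images cannot report an open
            return
        style = a.get("style", "").replace(" ", "").lower()
        reasons = []
        if _pixels(a.get("width")) <= 1 and _pixels(a.get("height")) <= 1:
            reasons.append("1x1 or smaller")
        if re.search(r"(width|height):0(px)?(;|$)", style):
            reasons.append("zero-size style")
        if "display:none" in style or "visibility:hidden" in style:
            reasons.append("hidden by style")
        if not reasons:
            return                                   # a visible remote image (logo, photo) is not a beacon
        host = (url.hostname or "").lower()
        if not self._is_sender_host(host):
            reasons.append("third-party host")
        if url.query:
            reasons.append("query string (possible per-recipient token)")
        self.findings.append({"host": host, "reasons": reasons})


def find_tracking_pixels(html, sender_domains):
    """Return one finding per suspicious <img> in the message body, in document order."""
    finder = PixelFinder(sender_domains)
    finder.feed(html)
    return finder.findings


# Constructed sample message: a visible logo, a 1x1 beacon carrying a recipient token,
# a beacon hidden by CSS, and an inline (cid:) image that should not be flagged.
SAMPLE_HTML = """
<html><body>
<img src="https://img.newsroom.example/logo.png" width="200" height="60" alt="Newsroom">
<p>Today's headlines ...</p>
<img src="https://track.example.net/open?rid=constructed-token-42" width="1" height="1">
<img src="https://beacon.example.org/p.gif" style="display:none; width:0px">
<img src="cid:chart001@newsroom.example" width="1" height="1">
</body></html>
"""

if __name__ == "__main__":
    for f in find_tracking_pixels(SAMPLE_HTML, ["newsroom.example"]):
        print(f["host"], "->", ", ".join(f["reasons"]))
```

Blocking remote image loading by default in the mail client neutralizes beacons whether or not they are detected; this scan is useful for triage of messages that were already opened.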
Finland has warned of an ongoing Android malware campaign that targets the banking details of its victims by enticing them to download a malicious counterfeit McAfee app. Finland's Transport and Communications Agency, Traficom, issued a warning last week about an ongoing Android malware campaign that aims to withdraw money from victims' online bank accounts.

Traficom said this campaign exclusively targets Android devices, with no separate infection chain identified for Apple iPhone users. The agency has identified multiple cases of SMS messages written in the Finnish language, instructing recipients to call a specified number. These messages often impersonate banks or payment service providers like MobilePay and utilize spoofing technology to appear as if they originate from domestic telecom operators or local networks.

Image: Finnish language smishing message (Credit: Traficom)

The scammers answering these calls direct victims to install a McAfee app under the guise of providing protection. However, the McAfee app being promoted is, in fact, malware designed to compromise victims' bank accounts. According to reports received by the Cyber Security Center, targets are prompted to download a McAfee application via a link provided in the message. This link leads to the download of an .apk application hosted outside the app store for Android devices. Contrary to expectations, this is not antivirus software but malware intended for installation on the phone.

The OP Financial Group, a prominent financial service provider in Finland, also issued an alert on its website regarding these deceptive messages impersonating banks or national authorities. The police have similarly emphasized the threat posed by this malware, warning that it enables operators to access victims' banking accounts and initiate unauthorized money transfers. In one reported case, a victim lost 95,000 euros (approximately $102,000) due to the scam.

Vultur Android Malware Campaign Trademarks

While Finnish authorities have not definitively identified the type of malware involved or shared specific hashes or IDs for the APK files, the attacks bear a striking resemblance to those reported by Fox-IT analysts in connection with a new version of the Vultur trojan.

Image: Vultur Trojan infection chain (Credit: Fox-IT)

The new iteration of the Vultur trojan employs hybrid smishing and phone call attacks to persuade targets into downloading a fake McAfee Security app. This app introduces the final payload in three separate parts for evasion purposes. Notable features of this latest version include extensive file management operations, abuse of Accessibility Services, app blocking, disabling Keyguard, and serving custom notifications in the status bar.

Things to Do If You Suspect You Are a Victim

If you suspect that your device has been infected with the malware, it is advisable to contact your bank immediately to enable protection measures. Additionally, restoring "factory settings" on the infected Android device to wipe all data and apps is recommended. OP Financial Group emphasizes that it does not request customers to share sensitive data over the phone or install any apps to receive or cancel payments.

"We will never send you messages with a link to the online bank login page. The bank also never asks you for your ID or card information via messages. Such messages are scams and you should not click on the links in them," the OP Financial Group said. "Even in order to receive or cancel a payment, you do not need to log in from a link, confirm with codes or provide your information. If you are asked to do this, contact the bank's customer service." Any similar requests should also be promptly reported to the police.

The news of the online banking fraud comes days after a multi-national police operation cracked open a massive fraudulent call center network run across Europe that especially targeted senior citizens with the intent to dupe them of thousands of dollars. The crackdown, dubbed Operation Pandora, was initiated when a vigilant bank teller in Freiburg, Germany, alerted law enforcement to a 76-year-old customer attempting to withdraw a large sum of money. Scammers employed various tactics, posing as relatives, bank employees or police officers, to deceive victims into surrendering their savings. The operation revealed call centers operating in different countries, each specializing in different types of telephone fraud, from investment scams to debt collection demands.
San Francisco, May 6, 2024: Cyble, the leading provider of AI-driven cybersecurity solutions, is excited to announce its participation in the prestigious RSA Conference 2024, held at Moscone South Expo, San Francisco, from May 6th to May 9th. Visit Cyble at Booth N-2353 to discover how Cyble is revolutionizing cybersecurity practices and enhancing network resilience.

At RSA Conference 2024, Cyble will introduce attendees to its innovative Cyble Vision Platform through compelling live demonstrations, highlighting how it empowers organizations to proactively tackle cybersecurity threats. The Cyble team, including Founder and CEO Beenu Arora, Co-founder and COO Manish Chachada, and other key members of the leadership team, will be present to discuss and provide insights into the latest trends and challenges in cybersecurity.

Engage with Our Founders and Experts at RSA Conference 2024

Beenu Arora - Co-founder and CEO of Cyble. Beenu is a visionary leader with a deep understanding of the cybersecurity landscape and a passion for advancing cybersecurity measures through innovative technologies.

Manish Chachada - Co-founder and COO of Cyble. Manish brings strategic oversight to operations and a commitment to delivering exceptional cybersecurity solutions to global clients.

Dipesh Ranjan - Chief Partner Officer, SVP, Global Growth. Dipesh drives strategic partnerships and global expansion efforts at Cyble, leveraging his extensive expertise in cybersecurity and market development.

Mandar Patil - SVP, Sales. Mandar leads the sales strategies at Cyble, focusing on accelerating growth and enhancing customer engagements through tailored cybersecurity solutions.

Taylor Pettis - VP of Marketing. Taylor oversees Cyble's marketing strategies, enhancing brand visibility and engagement through innovative campaigns and communications.

Event Details:
Date: May 6-9, 2024
Location: Booth N-2353, Moscone South Expo, San Francisco

What to Expect:

Insightful Engagements: Gain valuable insights from our founders Beenu Arora and Manish Chachada, and leadership team members Dipesh Ranjan, Mandar Patil, and Taylor Pettis.

Interactive Product Demos: Experience the advanced capabilities of our AI-driven solutions and learn how they can safeguard your digital assets.

Expert Discussions: Delve into discussions on the most pressing cybersecurity issues and explore tailored solutions with our experts.

"We are excited to showcase our latest innovations and insights at RSA Conference 2024. Meeting with industry professionals and peers is a fantastic opportunity to discuss how Cyble's solutions can be tailored to meet the evolving challenges of cybersecurity," said Beenu Arora, CEO of Cyble.

Join our team at Booth N-2353 for a hands-on look at how our AI-driven solutions can empower your cybersecurity strategy and safeguard your operations. For more information or to schedule a personal meeting with any of our leadership team members, please visit our event page at https://cyble.com/upcoming-events/rsa-conference-2024/

About Cyble:

Cyble, a trailblazer in Cyber Threat Intelligence, is committed to democratizing Dark Web Threat Intelligence through advanced AI and Machine Learning solutions. Recognized as one of the most sought-after workplaces, Cyble's culture fosters innovation, collaboration, and professional growth. With a proven track record in delivering cutting-edge research and proactive monitoring, Cyble stands at the forefront of the cybersecurity landscape. Headquartered in Atlanta, Georgia, with a global presence spanning Australia, Malaysia, Singapore, Dubai, Saudi Arabia, and India, Cyble is the trusted authority empowering organizations to proactively combat evolving cyber threats.

Media Contact:
Cyble Inc
enquiries@cyble.com
Ph: +1 678 379 3241
The RSA Conference 2024, the world's largest cybersecurity gathering, commenced in San Francisco and runs from May 6 to 9, 2024. With over 45,000 attendees expected, the event promises to be a hub for industry discussion, product launches, and critical talks on emerging threats. This article explores some of the key themes likely to dominate RSA 2024.

Quantifying Cyber Risk: A Business Imperative

One of the most pressing issues for businesses today is understanding cyber risk in financial terms. While data breaches often headline the news, accurately calculating the potential cost of such an attack remains elusive. This lack of clarity hinders informed decision-making around cybersecurity investments. However, a potential solution may be emerging. Companies like CDW are developing tools that leverage cybersecurity insurance data and best-practice protocols to quantify cyber risk. By translating risk into dollar figures, businesses can prioritize security investments and make data-driven decisions about mitigation strategies.

The Double-Edged Sword of AI

Artificial intelligence (AI) is rapidly transforming the cybersecurity landscape. While AI-powered tools hold immense potential for automating repetitive tasks and improving efficiency, security professionals are concerned about the technology's potential misuse by attackers. The fear lies in the possibility of AI exposing sensitive data through large language models, especially in the absence of robust data governance and access control measures. Companies considering AI implementation will need to prioritize these aspects to ensure their data remains secure.

Securing Operational Technology (OT): A Growing Challenge

Critical infrastructure facilities, like power plants and water treatment centers, are increasingly targeted by cybercriminals. These facilities often rely on aging OT systems that were not designed for today's internet-connected world, making them vulnerable. The potential consequences of a successful attack on such facilities are far-reaching, potentially disrupting entire regions. To address this growing threat, a holistic approach is needed. One such approach, the 5D security model, focuses on identifying vulnerabilities, deploying solutions, and fostering a culture of shared accountability between IT and OT teams.

RSA 2024 Beyond Technology: Collaboration and Community

The RSA Conference is more than just a showcase of new technology. This year's RSA Conference theme, "The Art of Possible," reflects a focus on innovation and community collaboration. Keynote speakers such as Secretary of State Antony J. Blinken will discuss the government's efforts to integrate cybersecurity into emerging technologies like AI and quantum computing. The conference will also feature a diverse roster of speakers from the cybersecurity industry, including technologist Bruce Schneier and former CISA Director Chris Krebs.

Hugh Thompson, RSAC's executive chairman, emphasizes the conference's role in fostering collaboration within the cybersecurity community. This "community problem-solving" approach is crucial in combating evolving threats. The event will feature a diverse range of speakers, including government officials, technologists, security experts, and even representatives from the arts and entertainment world. This cross-disciplinary approach underscores the importance of collaboration in building a more secure future.

Innovation and Learning Opportunities

With over 500 sessions, RSA 2024 promises to be a hub of knowledge sharing and networking opportunities. Attendees can participate in hands-on cybersecurity labs, networking sessions, and keynote presentations. The Innovation Sandbox will showcase startups competing for the title of "Most Innovative Startup," highlighting the latest advancements in cybersecurity technology.

Cyble's Participation

Cyble, a leading provider of AI-driven cybersecurity solutions, is showcasing its Cyble Vision Platform at RSA 2024. Attendees can visit Cyble's booth to learn how the platform enhances network resilience and proactively tackles cybersecurity threats. Cyble's leadership team will be available to discuss the latest trends and challenges in cybersecurity.

RSA 2024 remains a cornerstone event for the cybersecurity industry. By addressing critical issues like quantifying cyber risk, securing OT systems, and fostering collaboration, the event aims to equip attendees with the knowledge and tools needed to navigate the ever-evolving threat landscape.
Recent law enforcement action saw several LockBit sites resurrected, with the stated announcement that more details would be revealed about LockBit admin LockBitSupps, gang members and affiliates of the group. As part of the action, at least three former LockBit leak sites were brought back as part of the recent show more ...
effort. The sites additionally state that the seized domains are set to shut down again within 4 days. LockBit Sites Resurrected Were Seized Earlier by Law Enforcement The sites were brought down earlier as part of the joint-sequence Operation Cronos from, where 10 countries took action to disrupt LockBit's infrastructure facilities within in the United States and abroad. The group said law enforcement had hacked its former dark web site using a vulnerability in the PHP programming language, which is widely used to build websites. [caption id="attachment_66818" align="alignnone" width="1471"] Source: X.com (@marktsec46065)[/caption] The resurrected site suggests that law enforcement personnel have obtained further access to details involving LockBit affiliates and the ransomware group's admin LockBitSupp while investigating the group's back-end systems. During the earlier operation, law enforcement also claimed to be aware of personal details involving LockBitSupp, claiming to know where he lives and that he had engaged with law enforcement. As indicated by the site, the agencies responsible for the recent action will likely issue official press statements. The agencies re-affirmed its commitment to supporting ransomware victims worldwide and encouraged individuals and organizations to report incidents to law enforcement. LockBit Claimed Responsibility for Recent String of Attacks Despite the earlier disruptions and seizures, LockBit continued to claim responsibility for several recent attacks including an attack on Cannes Hospital. The attack forced the hospital to take down its computer systems and switch to traditional pen and paper or manual systems to continue to support patients. Following the hospital's refusal to surrender to ransom demands, the group had allegedly published medical and personal data, including ID cards, health sheets and pay slips. 
However, the extent and scale of the ransomware group's operations remain much lower than observed in the past year. It is unknown what effect the current action might have on the group's operations, as law enforcement, the ransomware group and its affiliates all remain persistent in their efforts. Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.
The newly formed alliance known as High Society has declared its affiliation with the notorious threat actor group Cyber Army of Russia. The alliance has asserted its intention to target prominent U.S. entities, including the Nuclear Energy Institute (NEI) and the Electric Power Research Institute (EPRI). High Society made its proclamation via a message posted on a dark web forum, stating, "We are launching a joint attack with friends from the HapoguHaa Cyber Apmua. They are aimed at the US nuclear and electric power industry. At the moment, two of the largest resources in the field have been disabled. Nuclear Energy Institute & Electric Power Research Institute." The dark web message posted by the alliance explicitly stated that its actions aimed at disabling key resources in the nuclear and electric power industry, a brazen attempt to disrupt vital services.

Image source: X

A Proven Track Record: Cyber Army of Russia

Cyber Army of Russia, previously known as Cyber Army of Russia Reborn, has already demonstrated its capabilities with multiple cyberattacks targeting U.S. and European utilities. These cyberattacks, which included manipulation of human-machine interfaces, showcased the group's proficiency in infiltrating and disrupting essential systems. The recent cyberattack on Consol Energy, a prominent American energy company, further solidifies the threat posed by this group, with disruptions extending beyond national borders. Moreover, a few hours before announcing the alleged alliance, High Society boasted of infiltrating the Italian engineering company TeaTek and gaining access to its internal servers. A message on the dark web forum by the group stated, "A few minutes ago, we gained access to the servers of a large Italian engineering company TeaTek. At the moment, we have taken full control of the servers. Enemy will be destroyed!" High Society targeting Italy's TeaTek and gaining access to its internal servers indicates a shared motive with Cyber Army of Russia in attacking critical infrastructure and prominent companies.
Image source: X

What Does the High Society Alliance Mean

This alignment of objectives between the two groups suggests a concerted effort to destabilize key sectors of the global economy, with severe implications for national security and public safety. There may be several motives behind this alliance. One possibility is that High Society seeks to disrupt critical infrastructure to sow chaos and gain attention. Such actions could be driven by ideological motivations, aiming to challenge authority or make political statements. Another motive could be financial gain. Cyberattacks on organizations like TeaTek may involve theft of sensitive data or extortion attempts, where attackers demand ransom payments in exchange for returning control of compromised systems. Furthermore, there is the possibility of state-sponsored involvement. While High Society claims affiliation with the Cyber Army of Russia, the extent of official state support, if any, remains uncertain. State actors often use proxy groups to carry out cyber operations, gaining deniability while pursuing strategic objectives. The implications of these alliances extend beyond mere disruption; they represent a significant challenge to governments, cybersecurity professionals, and organizations tasked with safeguarding critical infrastructure. The interconnected nature of modern systems means that a successful attack on one entity can have cascading effects, amplifying the potential damage and chaos. For the U.S., the targeting of entities like NEI and EPRI, which play pivotal roles in the nation's energy infrastructure, highlights the urgent need for strong cybersecurity measures and heightened vigilance. The potential consequences of a successful cyberattack on these institutions are dire, ranging from power outages to compromised safety systems, with far-reaching economic and societal impacts.
To mitigate these risks, a multi-faceted approach is necessary. Enhanced cybersecurity practices, including regular security assessments, intrusion detection systems, and employee training, are essential for organizations exposed to these threats. Collaboration between governments, law enforcement agencies, and cybersecurity firms is also crucial for sharing intelligence and responding swiftly to emerging threats. Additionally, diplomatic efforts to address state-sponsored cyber threats and hold perpetrators accountable are imperative. While attribution in cyberspace remains challenging, concerted international pressure can deter malicious actors and disrupt their operations. In conclusion, the emergence of alliances like High Society, affiliating with threat actor groups such as Cyber Army of Russia, signals a new chapter in the ongoing battle against cyber threats to critical infrastructure. The need for proactive measures, increased collaboration, and diplomatic initiatives has never been more urgent as nations strive to safeguard their vital systems against the ever-evolving cyber threat landscape.
The Australian privacy commissioner warned the Australian public that third-party suppliers serve as "a real weak spot" in safeguarding customer privacy. The warning follows a massive data leak affecting over 1 million Australians, stemming from a data breach involving a third-party club management software contractor. The leak impacted New South Wales and Australian Capital Territory club-goers and included sensitive personal details such as names, addresses and driver's licence details. The privacy commissioner has also expressed frustration with the push towards an urgent roll-out of artificial intelligence without appropriate regulations to protect citizens.

Commissioner Makes Statement as Part of Privacy Awareness Week

Australia's new Privacy Commissioner, Carly Kind, emphasized that this issue was growing and that larger organizations such as clubs needed to ensure that third-party suppliers and contractors maintained adequate data privacy standards to fulfill their obligations to consumers. Kind highlighted that while the shift towards a digital economy presented significant opportunities for individuals, businesses, and the public, it also came at the expense of personal privacy. She pointed out that invasive data-gathering practices, weak security protocols, and unfair terms and conditions undermined individual agency while exposing organizations to additional liabilities in the form of data breaches and privacy complaints. The commissioner felt that these new technologies have led to an expansion in the collection and usage of personal information without consideration of the potential intrusions into individual and collective privacy. The commissioner advised the Australian public to be actively involved and engaged in protecting their personal information. She emphasized that businesses and other organizations collecting data must make informed decisions to safeguard and protect it, while avoiding unnecessary retention of data. Australian Information Commissioner Angelene Falk noted that the Office of the Australian Information Commissioner (OAIC) continues to receive numerous reports of multi-party breaches, primarily stemming from breaches at cloud or software providers.
Australian Privacy Commissioner Expresses Additional AI Concerns

As part of the privacy week statement, Kind also expressed frustration about the sense of urgency around AI deployment, which seemed to override a more cautionary approach. The commissioner noticed a worrying business perception that AI isn't being used enough, leading to a sense of urgency and missed opportunity that ignores adequate consideration of its positive implementation and of existing laws and regulations that protect customer data and privacy. Kind has professional expertise in AI, having previously served as the inaugural director of the London-based AI and data research organization, the Ada Lovelace Institute.

Australian Privacy Commissioner Supports Law That Bolsters Privacy

While the Australian privacy commissioner has the power to address serious privacy breaches, the threshold for a breach to qualify as serious is excessively rigid, to the point that only two civil penalty proceedings were brought in the past nine years. However, reforms to the Privacy Act introduced by Attorney-General Mark Dreyfus in August 2023 seek to strengthen the commissioner's ability to crack down on breaches through new low-tier and mid-tier civil penalty provisions that would allow the commissioner to deal with non-serious and one-off breaches. The new bill aims to strengthen privacy protections by allowing Australians to sue for privacy invasions and for targeted misuse of personal information such as doxing. This reform is deemed vital as personal privacy faces increasing threats. Carly Kind, the new privacy commissioner, has noted industry support for these reforms and highlighted concerns about excessive data collection and outdated privacy laws. Kind's appointment as the standalone privacy commissioner reflects a renewed focus on privacy issues and follows the Australian government's efforts to strengthen the Office of the Australian Information Commissioner.
We all know that we're being tracked online, but the sheer scale of it continues to stagger — at least when this scale is properly communicated. Dry facts like "Your browser connected to 456 advertising trackers in the past hour" usually don't get the point across. The problem is that such numbers lack context. They fail to connect our online actions with their unseen consequences. But what if we could somehow make online tracking visible — or audible? Electronic music artist Jasmine Guffond did just that a few years back…

The sound of Google tracking

She created a browser extension called Listening Back, which plays a sound every time your browser saves, modifies, or deletes a cookie file. Since these events accompany practically any user action, the result is both eye-opening (or ear-opening, if you will) and rather bizarrely beautiful. A similar idea occurred to Dutch programmer Bert Hubert, known for creating the PowerDNS software for DNS servers. According to Hubert, when studying network activity logs, he was always struck by how often sites communicate with Google (and other sites too). This inspired him to write a small program he called Googerteller. In the original version, the program emitted a sound every time a connection to Google was made. The result was also impressive — just listen to how it sounds. For example, here's a recording of a visit to the official Dutch government job website, which features posts for vacancies in its intelligence agencies. Almost every click on this site sends information to Google — and the user is never warned about this.

More tracking — more sound

Not content with just Google, Bert Hubert added to Googerteller addresses belonging to Facebook and a number of other popular online trackers. Then he visited a couple of websites that abuse online tracking much more severely than the Dutch government job site. The results speak volumes. Unfortunately, Googerteller is only available as source code on GitHub. Anyone interested in listening to online tracking with their own ears can compile it and then run it on their computer. Here's the original Googerteller code for Linux, macOS, and other Unix-like systems, and here's a fan-made version for Windows called GoogeDotTeller.
The only way to experience Googerteller without compiling it yourself is with this Googerteller-inspired plugin for Mozilla Firefox (and here's its source code). However, the above-mentioned electronic musician's Listening Back browser extension remains readily available in the official extension stores — for both Google Chrome and Mozilla Firefox. No technical skills are needed: just install and away you go.

Enjoy the silence

If you'd rather not just listen to trackers collecting information about you, but actively block them, our Private Browsing feature is here to help. It effectively counters online advertising trackers. This feature is available in all our home user subscriptions: Kaspersky Standard, Kaspersky Plus, and Kaspersky Premium. Remember to check your settings: by default, the Private Browsing feature only works in tracker detection and counting mode. Blocking mode must be enabled manually. Once done, fire up Googerteller or Listening Back and compare how your browser sounds with and without protection.
Virtual private networking (VPN) companies market their services as a way to prevent anyone from snooping on your Internet usage. But new research suggests this is a dangerous assumption when connecting to a VPN via an untrusted network, because attackers on the same network could force a target's traffic off of the protection provided by their VPN without triggering any alerts to the user.

Image: Shutterstock.

When a device initially tries to connect to a network, it broadcasts a message to the entire local network stating that it is requesting an Internet address. Normally, the only system on the network that notices this request and replies is the router responsible for managing the network to which the user is trying to connect. The machine on a network responsible for fielding these requests is called a Dynamic Host Configuration Protocol (DHCP) server, which issues time-based leases for IP addresses. The DHCP server also takes care of setting a specific local address — known as an Internet gateway — that all connecting systems will use as a primary route to the Web. VPNs work by creating a virtual network interface that serves as an encrypted tunnel for communications. But researchers at Leviathan Security say they've discovered it's possible to abuse an obscure feature built into the DHCP standard so that other users on the local network are forced to connect to a rogue DHCP server. "Our technique is to run a DHCP server on the same network as a targeted VPN user and to also set our DHCP configuration to use itself as a gateway," Leviathan researchers Lizzie Moratti and Dani Cronce wrote. "When the traffic hits our gateway, we use traffic forwarding rules on the DHCP server to pass traffic through to a legitimate gateway while we snoop on it." The feature being abused here is known as DHCP option 121, and it allows a DHCP server to set a route on the VPN user's system that is more specific than those used by most VPNs. Abusing this option, Leviathan found, effectively gives an attacker on the local network the ability to set up routing rules that have a higher priority than the routes for the virtual network interface that the target's VPN creates.
“Pushing a route also means that the network traffic will be sent over the same interface as the DHCP server instead of the virtual network interface,” the Leviathan researchers said. “This is intended functionality that isn’t clearly stated in the RFC [standard]. Therefore, for the routes we push, it is never encrypted by the VPN’s virtual interface but instead transmitted by the network interface that is talking to the DHCP server. As an attacker, we can select which IP addresses go over the tunnel and which addresses go over the network interface talking to our DHCP server.” Leviathan found they could force VPNs on the local network that already had a connection to arbitrarily request a new one. In this well-documented tactic, known as a DHCP starvation attack, an attacker floods the DHCP server with requests that consume all available IP addresses that can be allocated. Once the network’s legitimate DHCP server is completely tied up, the attacker can then have their rogue DHCP server respond to all pending requests. “This technique can also be used against an already established VPN connection once the VPN user’s host needs to renew a lease from our DHCP server,” the researchers wrote. “We can artificially create that scenario by setting a short lease time in the DHCP lease, so the user updates their routing table more frequently. In addition, the VPN control channel is still intact because it already uses the physical interface for its communication. In our testing, the VPN always continued to report as connected, and the kill switch was never engaged to drop our VPN connection.” The researchers say their methods could be used by an attacker who compromises a DHCP server or wireless access point, or by a rogue network administrator who owns the infrastructure themselves and maliciously configures it. Alternatively, an attacker could set up an “evil twin” wireless hotspot that mimics the signal broadcast by a legitimate provider. 
ANALYSIS

Bill Woodcock is executive director at Packet Clearing House, a nonprofit based in San Francisco. Woodcock said Option 121 has been included in the DHCP standard since 2002, which means the attack described by Leviathan has technically been possible for the last 22 years. "They're realizing now that this can be used to circumvent a VPN in a way that's really problematic, and they're right," Woodcock said. Woodcock said anyone who might be a target of spear phishing attacks should be very concerned about using VPNs on an untrusted network. "Anyone who is in a position of authority or maybe even someone who is just a high net worth individual, those are all very reasonable targets of this attack," he said. "If I were trying to do an attack against someone at a relatively high security company and I knew where they typically get their coffee or sandwich at twice a week, this is a very effective tool in that toolbox. I'd be a little surprised if it wasn't already being exploited in that way, because again this isn't rocket science. It's just thinking a little outside the box." Successfully executing this attack on a network likely would not allow an attacker to see all of a target's traffic or browsing activity. That's because for the vast majority of the websites visited by the target, the content is encrypted (the site's address begins with https://). However, an attacker would still be able to see the metadata — such as the source and destination addresses — of any traffic flowing by. KrebsOnSecurity shared Leviathan's research with John Kristoff, founder of dataplane.org and a PhD candidate in computer science at the University of Illinois Chicago. Kristoff said practically all user-edge network gear, including WiFi deployments, supports some form of rogue DHCP server detection and mitigation, but that it's unclear how widely deployed those protections are in real-world environments.
"However, and I think this is a key point to emphasize, an untrusted network is an untrusted network, which is why you're usually employing the VPN in the first place," Kristoff said. "If [the] local network is inherently hostile and has no qualms about operating a rogue DHCP server, then this is a sneaky technique that could be used to de-cloak some traffic – and if done carefully, I'm sure a user might never notice."

MITIGATIONS

According to Leviathan, there are several ways to minimize the threat from rogue DHCP servers on an unsecured network. One is using a device powered by the Android operating system, which apparently ignores DHCP option 121. Relying on a temporary wireless hotspot controlled by a cellular device you own also effectively blocks this attack. "They create a password-locked LAN with automatic network address translation," the researchers wrote of cellular hot-spots. "Because this network is completely controlled by the cellular device and requires a password, an attacker should not have local network access." Leviathan's Moratti said another mitigation is to run your VPN from inside of a virtual machine (VM) — like Parallels, VMware or VirtualBox. VPNs run inside of a VM are not vulnerable to this attack, Moratti said, provided they are not run in "bridged mode," which causes the VM to replicate another node on the network. In addition, a technology called "deep packet inspection" can be used to deny all in- and outbound traffic from the physical interface except for the DHCP and the VPN server. However, Leviathan says this approach opens up a potential "side channel" attack that could be used to determine the destination of traffic. "This could be theoretically done by performing traffic analysis on the volume a target user sends when the attacker's routes are installed compared to the baseline," they wrote.
“In addition, this selective denial-of-service is unique as it could be used to censor specific resources that an attacker doesn’t want a target user to connect to even while they are using the VPN.” Moratti said Leviathan’s research shows that many VPN providers are currently making promises to their customers that their technology can’t keep. “VPNs weren’t designed to keep you more secure on your local network, but to keep your traffic more secure on the Internet,” Moratti said. “When you start making assurances that your product protects people from seeing your traffic, there’s an assurance or promise that can’t be met.” A copy of Leviathan’s research, along with code intended to allow others to duplicate their findings in a lab environment, is available here.
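The mechanism the article describes hinges on the RFC 3442 encoding of DHCP option 121: each entry is a prefix width, only the significant octets of the destination, and a 4-byte router. The following is an added example, not code from Leviathan or the article, that decodes such a payload and applies a defender-side check: it flags any pushed route that is more specific than a full-tunnel VPN's catch-all routes (assumed here to be the usual pair of /1 routes) and lies outside the local LAN, and notes when the gateway is the DHCP server's own address. The sample payload, the LAN prefix and the server address are constructed (documentation and private ranges).

```python
import ipaddress
from dataclasses import dataclass
from typing import List

IPv4Addr = ipaddress.IPv4Address
IPv4Net = ipaddress.IPv4Network


@dataclass(frozen=True)
class StaticRoute:
    network: IPv4Net
    gateway: IPv4Addr


def decode_option121(payload: bytes) -> List[StaticRoute]:
    """Decode a DHCP option 121 value (RFC 3442 classless static routes).

    Entry layout: 1 byte prefix width, ceil(width/8) significant octets of the
    destination, then a 4-byte router address. Width 0 encodes a default route.
    """
    routes: List[StaticRoute] = []
    i = 0
    while i < len(payload):
        width = payload[i]
        i += 1
        if width > 32:
            raise ValueError(f"invalid prefix width {width} at offset {i - 1}")
        n_dest = (width + 7) // 8
        if i + n_dest + 4 > len(payload):
            raise ValueError("truncated option 121 payload")
        # Pad the omitted low-order destination octets with zeros.
        dest = int.from_bytes(payload[i:i + n_dest] + bytes(4 - n_dest), "big")
        gateway = IPv4Addr(payload[i + n_dest:i + n_dest + 4])
        i += n_dest + 4
        # strict=False tolerates non-zero host bits a sloppy server might send.
        routes.append(StaticRoute(IPv4Net((dest, width), strict=False), gateway))
    return routes


# Assumption: a full-tunnel VPN captures traffic with 0.0.0.0/1 and 128.0.0.0/1,
# so any pushed route with a longer prefix wins over the VPN interface.
VPN_CATCH_ALL_PREFIXLEN = 1


def routes_bypassing_vpn(routes: List[StaticRoute], dhcp_server: IPv4Addr,
                         local_lan: IPv4Net) -> List[str]:
    """Return one warning per pushed route that would pull traffic off the VPN.

    Assumed policy: a default route (width 0) and routes that stay inside the
    local LAN are normal; anything else pushed via option 121 on an untrusted
    network is suspicious, doubly so when the gateway is the DHCP server itself.
    """
    findings: List[str] = []
    for r in routes:
        if r.network.prefixlen == 0 or r.network.subnet_of(local_lan):
            continue
        reason = (f"{r.network} via {r.gateway}: at least as specific as the VPN's "
                  f"/{VPN_CATCH_ALL_PREFIXLEN} catch-all routes, traffic leaves the tunnel")
        if r.gateway == dhcp_server:
            reason += "; gateway is the DHCP server itself"
        findings.append(reason)
    return findings


# Constructed sample payload: a benign default route, a /24 to TEST-NET-3 routed
# through the DHCP server's own address, and a /9 covering half of 10.0.0.0/8.
SAMPLE_OPTION_121 = bytes([
    0,  192, 168, 1, 1,                  # 0.0.0.0/0 via 192.168.1.1
    24, 203, 0, 113,  192, 168, 1, 50,   # 203.0.113.0/24 via 192.168.1.50
    9,  10, 128,      192, 168, 1, 1,    # 10.128.0.0/9 via 192.168.1.1
])
DHCP_SERVER = IPv4Addr("192.168.1.50")   # assumed server identifier (option 54)
LOCAL_LAN = IPv4Net("192.168.1.0/24")    # assumed lease subnet


def check_sample() -> List[str]:
    return routes_bypassing_vpn(decode_option121(SAMPLE_OPTION_121), DHCP_SERVER, LOCAL_LAN)


if __name__ == "__main__":
    for r in decode_option121(SAMPLE_OPTION_121):
        print(f"pushed route: {r.network} via {r.gateway}")
    for f in check_sample():
        print("WARNING:", f)
```

On a real host the payload would come from a captured DHCPOFFER/DHCPACK (option 121 value) and the server identifier from option 54; the check complements, rather than replaces, the mitigations above.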
The new company will focus on cybersecurity services as a top-10 managed security service provider, but must expand outside the low-margin managing of security into detection and response.
The growing amount of surveillance technology being deployed in the country is concerning given Indonesia's mounting curbs on citizens' civil rights.
As we navigate through 2024, the cyber threat landscape continues to evolve, bringing new challenges for both businesses and individual consumers. The latest OpenText Threat Report provides insight into these changes, offering vital insights that help us prepare and protect ourselves against emerging threats. Here's what you need to know:

The Resilience of Ransomware

Ransomware remains a formidable adversary, with groups like LockBit demonstrating an uncanny ability to bounce back even after significant law enforcement actions. Despite a recent crackdown that saw authorities dismantle its infrastructure, LockBit swiftly resumed operations, even taunting law enforcement agencies in the process. This adaptability highlights how resourceful ransomware groups have become, enabling them to evade detection and persistently challenge defenders. For businesses, this means implementing a comprehensive incident response plan that includes secure, immutable backups and regular testing to ensure rapid recovery in the event of an attack. Consumers should also take measures like frequently backing up their data to an external drive or cloud solution. This resilience requires ongoing vigilance and robust security measures from everyone involved.

Malware Infections on the Rise

For the first time in years, malware infection rates are rising among both businesses and consumers. The uptick is primarily attributed to attackers leveraging advanced tools like generative artificial intelligence (AI), which helps them craft malware that's more sophisticated and adaptive. Malware variants are becoming more difficult to detect, and infection methods are increasingly creative, such as using enticing email attachments or redirecting users to malicious sites via QR codes. This new wave of malware infections serves as a stark reminder for businesses and individuals to strengthen their cyber defenses. Keep all devices updated with the latest security patches, and use reputable antivirus solutions that can block suspicious downloads and identify malicious software. Additionally, be wary of unexpected attachments or links and avoid clicking on anything that looks suspicious.
Phishing Gets Personal

Phishing attacks are becoming more sophisticated, thanks to tools like generative AI, which enable attackers to personalize their campaigns for maximum impact. What was once a clear distinction between mass phishing emails and more targeted spear-phishing attempts is now blurring, making it harder to distinguish between the two. Attackers can craft convincing emails that mimic legitimate brands, logos, and domains to trick unsuspecting victims into providing sensitive information or clicking malicious links. For both businesses and consumers, this trend emphasizes the need for increased vigilance and cybersecurity awareness. Educate yourself on common phishing tactics and train employees to recognize fraudulent emails. Multi-factor authentication (MFA) can add a vital layer of protection, and carefully inspect email addresses and links before taking any action.

The Critical Role of Cyber Resilience

The report underscores the importance of adopting a multi-layered defense strategy to mitigate the impact of these evolving threats. Cyber resilience involves proactive measures to prevent attacks while also ensuring you can quickly recover if a breach occurs. For businesses, this means implementing strong antivirus software, endpoint protection solutions, and regular software updates. For consumers, being alert to suspicious emails, using secure passwords, and frequently backing up data is crucial. A multi-layered approach integrates different layers of defense, making it much harder for an attacker to compromise all systems simultaneously. Combine antivirus tools with DNS protection, endpoint monitoring, and user training for comprehensive protection.

Regional Disparities in Cyber Threats

Geographical factors significantly influence the prevalence and nature of cyber threats.
The report identifies regions like Asia, Africa, and South America facing higher infection rates than North America and Europe, partly due to differing economic conditions, cybersecurity maturity, and regulatory environments. Malware campaigns are often tailored to exploit regional nuances, such as the availability of local payment methods or common software vulnerabilities. Businesses operating globally should adapt their cybersecurity strategies to account for these disparities, ensuring protections are tailored to local risks. Similarly, consumers should stay updated on regional trends to better prepare for prevalent scams and threats in their area.

Industry-Specific Risks

[Chart: percentage of businesses in each industry that encountered at least one malware infection over the past year]

Specific industries like manufacturing, education, and healthcare are frequently targeted due to the valuable data they hold and the potential disruption caused by successful attacks. Manufacturing is particularly vulnerable to ransomware due to the high cost of production stoppages, which can prompt quicker ransom payments. Educational institutions, on the other hand, often have limited cybersecurity budgets, leaving them vulnerable to malware and phishing attacks that can compromise student and faculty data. While businesses in these industries must enhance their cyber defenses and train staff accordingly, consumers should also be aware of how these attacks could indirectly impact them. For instance, a ransomware attack on a healthcare provider could lead to data breaches exposing patient information.

Recommendations for Enhancing Cybersecurity

Implement Advanced Email Security: Use systems that can effectively block malicious attachments and links to protect against phishing.
Stay Updated with Regular Patches: Keeping your software up-to-date is a critical step in protecting against vulnerabilities that could be exploited by attackers.
Invest in Comprehensive Cybersecurity Training: Both businesses and individual users should engage in ongoing education on cybersecurity best practices to recognize and mitigate threats.
Adopt Robust Backup Solutions: Ensure that all important data is backed up regularly and securely. This not only protects information but also minimizes disruption in the event of a cyber attack.

The 2024 OpenText Threat Perspective serves as a crucial resource, offering insights that are essential for both businesses and consumers aiming to navigate the complexities of today's cyber threat landscape. By understanding these threats and implementing a multi-layered defense strategy, we can significantly enhance our collective cyber resilience. The post Key Insights from the OpenText 2024 Threat Perspective appeared first on Webroot Blog.
Trend Micro researchers revealed that the botnet, primarily operating through compromised Ubiquiti EdgeRouters, is used for various malicious activities such as credential harvesting, proxying network traffic, and hosting phishing landing pages.
Crypto recovery scams involve fraudsters who offer to help victims recover stolen cryptocurrency in exchange for an upfront fee, but instead, they disappear after payment.
Ransom recovery costs have surged, with the average payment reaching $2 million, a 500% increase from the previous year. Excluding ransoms, the average cost of recovery has risen to $2.73 million, up by almost $1 million, according to Sophos.
Law enforcement authorities seized the LockBit group's Tor website again, and they plan to reveal the identities of LockBitSupp and other gang members on May 7, 2024.
The Israeli startup founded in 2022 by Or Eshed and David Weisbrot has raised $26 million in Series A funding. This round, led by Glilot+ and with participation from Dell Technologies Capital, brings LayerX's total investment to $34 million.
The Cybersecurity and Infrastructure Security Agency sent out alerts to critical infrastructure sectors, with only 852 organizations responding by patching, implementing controls, or taking devices offline.
Passkeys are gaining widespread adoption as an alternative to traditional passwords for digital authentication. Major tech companies like Microsoft, Google, and Bitwarden have recently expanded support for passkeys.
The criminal network was responsible for defrauding thousands of victims through fake police calls, investment fraud, or romance scams, Europol said. Scam callers posed as victims’ close relatives, bank employees, customer service, or police.
The median time to patch bugs listed in the CISA's Known Exploited Vulnerabilities (KEV) catalog is 174 days, compared to 621 days for non-KEV vulnerabilities, according to an analysis by Bitsight.
Finland's Transport and Communications Agency (Traficom) highlighted multiple cases of SMS messages written in Finnish that instruct recipients to call a number. The scammer who answers the call instructs victims to install a McAfee app for protection.
Aikido, a startup based in Ghent, Belgium, has secured a $17 million Series A funding to develop its innovative security platform tailored for developers. The round was led by Singular, with participation from Notion Capital and Connect Ventures.
HijackLoader is a modular malware loader that is used to deliver second-stage payloads including Amadey, Lumma Stealer, Raccoon Stealer v2, and Remcos RAT. HijackLoader decrypts and parses a PNG image to load the next stage.
The German and Czech governments have publicly disclosed that Russian military intelligence hackers, known as APT28, have been involved in an espionage campaign targeting political parties and critical infrastructure in both countries.
The Damselfly Advanced Persistent Threat (APT) group, also known as APT42, has been actively using custom backdoor variants, NiceCurl and TameCat, to infiltrate Windows machines.
AIDE (Advanced Intrusion Detection Environment) is a free replacement for Tripwire(tm). It generates a database that can be used to check the integrity of files on a server. It uses regular expressions to determine which files get added to the database. You can use several message digest algorithms to ensure that the files have not been tampered with.
The Microsoft PlayReady toolkit assists with fake client device identity generation, acquisition of license and content keys for encrypted content, and much more. It demonstrates weak content protection in the environment of CANAL+. The proof of concept exploits 3-year-old vulnerabilities in CANAL+ STB devices, which make it possible to gain code execution on target STB devices over an IP network.
This Metasploit module performs a container escape onto the host as the daemon user. It takes advantage of the SYS_MODULE capability. If that capability exists and the Linux headers are available to compile on the target, then the module can escape onto the host.
Gentoo Linux Security Advisory 202405-16 - A vulnerability has been discovered in Apache Commons BCEL, which can lead to remote code execution. Versions greater than or equal to 6.6.0 are affected.
Gentoo Linux Security Advisory 202405-15 - Multiple vulnerabilities have been discovered in Mozilla Firefox, the worst of which can lead to remote code execution. Versions greater than or equal to 115.8.0:esr are affected.
Gentoo Linux Security Advisory 202405-14 - Multiple vulnerabilities have been discovered in QtWebEngine, the worst of which could lead to remote code execution. Versions greater than or equal to 5.15.13_p20240322 are affected.
Gentoo Linux Security Advisory 202405-13 - A vulnerability has been discovered in borgmatic, which can lead to shell injection. Versions greater than or equal to 1.8.8 are affected.
Gentoo Linux Security Advisory 202405-12 - Multiple vulnerabilities have been discovered in Pillow, the worst of which can lead to arbitrary code execution. Versions greater than or equal to 10.2.0 are affected.
Gentoo Linux Security Advisory 202405-11 - Multiple vulnerabilities have been discovered in MIT krb5, the worst of which could lead to remote code execution. Versions greater than or equal to 1.21.2 are affected.
Gentoo Linux Security Advisory 202405-10 - A vulnerability has been discovered in Setuptools, which can lead to denial of service. Versions greater than or equal to 65.5.1 are affected.
Gentoo Linux Security Advisory 202405-9 - Multiple vulnerabilities have been found in MediaInfo and MediaInfoLib, the worst of which could allow user-assisted remote code execution. Versions greater than or equal to 23.10 are affected.
Gentoo Linux Security Advisory 202405-8 - Multiple vulnerabilities have been discovered in strongSwan, the worst of which could possibly lead to remote code execution. Versions greater than or equal to 5.9.10 are affected.
Gentoo Linux Security Advisory 202405-7 - Multiple vulnerabilities have been discovered in HTMLDOC, the worst of which can lead to arbitrary code execution. Versions greater than or equal to 1.9.16 are affected.
Gentoo Linux Security Advisory 202405-6 - Multiple vulnerabilities have been discovered in mujs, the worst of which could lead to remote code execution. Versions greater than or equal to 1.3.2 are affected.
Gentoo Linux Security Advisory 202405-5 - Multiple vulnerabilities have been discovered in MPlayer, the worst of which can lead to arbitrary code execution. Versions greater than or equal to 1.5 are affected.
Debian Linux Security Advisory 5679-1 - Several vulnerabilities were discovered in less, a file pager, which may result in the execution of arbitrary commands if a file with a specially crafted file name is processed.
Debian Linux Security Advisory 5678-1 - Several vulnerabilities were discovered in nscd, the Name Service Cache Daemon in the GNU C library which may lead to denial of service or the execution of arbitrary code.
Debian Linux Security Advisory 5677-1 - Several vulnerabilities have been discovered in the interpreter for the Ruby language, which may result in information disclosure, denial of service or the execution of arbitrary code.
Gentoo Linux Security Advisory 202405-4 - Multiple vulnerabilities have been discovered in systemd, the worst of which can lead to a denial of service. Versions greater than or equal to 252.4 are affected.
Gentoo Linux Security Advisory 202405-3 - A vulnerability has been discovered in Dalli, which can lead to code injection. Versions greater than or equal to 3.2.3 are affected.
Red Hat Security Advisory 2024-2700-03 - An update for varnish is now available for Red Hat Enterprise Linux 9.0 Extended Update Support. Issues addressed include a denial of service vulnerability.
Red Hat Security Advisory 2024-2699-03 - An update for git-lfs is now available for Red Hat Enterprise Linux 8. Issues addressed include a denial of service vulnerability.
Gentoo Linux Security Advisory 202405-2 - Multiple vulnerabilities have been discovered in ImageMagick, the worst of which can lead to remote code execution. Versions greater than or equal to 6.9.13.0 are affected.
The tactics employed by hackers today aren't new; they're simply adapted for the digital age, exploiting the same human weaknesses that have always existed.
Cybersecurity researchers have discovered a new information stealer targeting Apple macOS systems that's designed to set up persistence on the infected hosts and act as a spyware. Dubbed Cuckoo by Kandji, the malware is a universal Mach-O binary that's capable of running on both Intel- and Arm-based Macs. The exact distribution vector is currently unclear, although there are
The recently uncovered cyber espionage campaign targeting perimeter network devices from several vendors, including Cisco, may have been the work of China-linked actors, according to new findings from attack surface management firm Censys. Dubbed ArcaneDoor, the activity is said to have commenced around July 2023, with the first confirmed attack against an unnamed victim
Cybercriminals are vipers. They’re like snakes in the grass, hiding behind their keyboards, waiting to strike. And if you're a small- and medium-sized business (SMB), your organization is the ideal lair for these serpents to slither into. With cybercriminals becoming more sophisticated, SMBs like you must do more to protect themselves. But at what price? That’s the daunting question
Multiple security vulnerabilities have been disclosed in various applications and system components within Xiaomi devices running Android. "The vulnerabilities in Xiaomi led to access to arbitrary activities, receivers and services with system privileges, theft of arbitrary files with system privileges, [and] disclosure of phone, settings and Xiaomi account data," mobile security firm
More than 50% of the 90,310 hosts have been found exposing a Tinyproxy service on the internet that's vulnerable to a critical unpatched security flaw in the HTTP/HTTPS proxy tool. The issue, tracked as CVE-2023-49606, carries a CVSS score of 9.8 out of a maximum of 10, per Cisco Talos, which described it as a use-after-free bug impacting versions 1.10.0 and 1.11.1, which is the
Their innocuous looks and endearing names mask their true power. These gadgets are designed to help identify and prevent security woes, but what if they fall into the wrong hands?
Source: www.cyberdefensemagazine.com – Author: Gary It’s been an amazing journey and we are so thankful to the team at the RSA Conference for working with us for over a decade. I remember before we went carbon neutral, we were printing thousands of copies of our magazine as high quality as possible (think Robb Report if […] The entry Celebrating our 12th Anniversary at RSA conference 2024 – Source: www.cyberdefensemagazine.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: www.cyberdefensemagazine.com – Author: News team Adversarial Cyber Exercises Are The New Mandate By Stephen Gates, Principal SME, Horizon3.ai After observing the cyber threat landscape in 2023, in the coming year we’re going to see a complete mind shift throughout enterprises and government entities worldwide. The trend forcing this change in thinking is the result […] The entry Offensive Awakening: The 2024 Shift from Defensive to Proactive Security – Source: www.cyberdefensemagazine.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: www.cyberdefensemagazine.com – Author: News team Harnessing the Power of AI for Advanced Cyber Threat Intelligence and Prevention By Bryan Kissinger, Senior Vice President of Security Solutions and Chief Information Security Officer, Trace3 The digital environment has evolved significantly, becoming a complex space where cybercriminals exploit vulnerabilities in critical infrastructure and sensitive data. These criminals […] The entry Navigating the Digital Age: AI’s Crucial Role in Cybersecurity Reinforcement – Source: www.cyberdefensemagazine.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: www.bleepingcomputer.com – Author: Bill Toulas Finland’s Transport and Communications Agency (Traficom) is warning about an ongoing Android malware campaign attempting to breach online bank accounts. The agency has highlighted multiple cases of SMS messages written in Finnish that instruct recipients to call a number. The scammer who answers the call instructs victims to install […] The entry Finland warns of Android malware attacks breaching bank accounts – Source: www.bleepingcomputer.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: securityaffairs.com – Author: Pierluigi Paganini Ransomware drama: Law enforcement seized Lockbit group’s website again Law enforcement seized the Lockbit group’s Tor website again and announced they will reveal more identities of its operators Law enforcement seized the Lockbit group’s Tor website again. The authorities resumed the Lockbit seized leak site and mocked its administrators. […] The entry Ransomware drama: Law enforcement seized Lockbit group’s website again – Source: securityaffairs.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: securityaffairs.com – Author: Pierluigi Paganini NATO and the EU formally condemned Russia-linked APT28 cyber espionage NATO and the European Union formally condemned cyber espionage operations carried out by the Russia-linked APT28 against European countries. NATO and the European Union condemned cyber espionage operations carried out by the Russia-linked threat actor APT28 (aka “Forest Blizzard”, […] The entry NATO and the EU formally condemned Russia-linked APT28 cyber espionage – Source: securityaffairs.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: securityaffairs.com – Author: Pierluigi Paganini NATO and the EU formally condemned Russia-linked APT28 cyber espionage | Security Affairs newsletter Round 470 by Pierluigi Paganini – INTERNATIONAL EDITION | Blackbasta gang claimed responsibility for Synlab Italia attack | LockBit published data stolen from Simone Veil hospital in Cannes | Russia-linked APT28 and crooks are still […] The entry Security Affairs newsletter Round 470 by Pierluigi Paganini – INTERNATIONAL EDITION – Source: securityaffairs.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: www.darkreading.com – Author: Dark Reading Staff New research from Amnesty International’s Security Lab identifies Indonesia as an emerging hub for surveillance tools and suppliers. The organization found evidence of sales and shipment of “highly invasive spyware and other surveillance technologies” sent to Indonesia from countries […] The entry Amnesty International Cites Indonesia as a Spyware Hub – Source: www.darkreading.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: www.bleepingcomputer.com – Author: Lawrence Abrams Microsoft is testing the display of memory speeds as MT/s (mega-transfers per second) rather than MHz (megahertz) in the Windows 11 Task Manager. Historically, the data transfer speed of computer memory has been advertised under the MHz (megahertz) metric. MHz represents how many millions of cycles per second a memory module can perform, […] The entry Microsoft tests using MT/s for memory speed in Windows 11 Task Manager – Source: www.bleepingcomputer.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: www.bleepingcomputer.com – Author: Lawrence Abrams The City of Wichita, Kansas, disclosed it was forced to shut down portions of its network after suffering a weekend ransomware attack. Wichita is the largest city in Kansas, with a population of 400,000 people, ranking it among the top 50 largest cities in the United States. In a rare display of transparency, the City confirmed […] The entry City of Wichita shuts down IT network after ransomware attack – Source: www.bleepingcomputer.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: www.bleepingcomputer.com – Author: Lawrence Abrams Cybersecurity has quickly moved from esoteric discipline to core competency across the IT space. The Complete 2024 Cyber Security Expert Certification Training Bundle provides five exam prep courses with over 120 hours of lessons to help you get certified and move ahead in your career. These five cybersecurity certification […] The entry Get ahead in cybersecurity with $145 off a training course bundle – Source: www.bleepingcomputer.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: www.bleepingcomputer.com – Author: Lawrence Abrams The NCA, FBI, and Europol have revived a seized LockBit ransomware data leak site to hint at new information being revealed by law enforcement this Tuesday. On February 19, a law enforcement operation called Operation Cronos took down LockBit’s infrastructure, including 34 servers hosting the data leak website and its mirrors, […] The entry Lockbit’s seized site comes alive to tease new police announcements – Source: www.bleepingcomputer.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: thehackernews.com – Author: . May 06, 2024 Newsroom Vulnerability / Server Security More than 50% of the 90,310 hosts have been found exposing a Tinyproxy service on the internet that’s vulnerable to a critical unpatched security flaw in the HTTP/HTTPS proxy tool. The issue, tracked as CVE-2023-49606, carries a CVSS score of 9.8 out of a […] The entry Critical Tinyproxy Flaw Opens Over 50,000 Hosts to Remote Code Execution – Source: thehackernews.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: thehackernews.com – Author: . May 06, 2024 Newsroom Network Security / Malware The recently uncovered cyber espionage campaign targeting perimeter network devices from several vendors, including Cisco, may have been the work of China-linked actors, according to new findings from attack surface management firm Censys. Dubbed ArcaneDoor, the activity is said to have commenced around July […] The entry China-Linked Hackers Suspected in ArcaneDoor Cyberattacks Targeting Network Devices – Source: thehackernews.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: thehackernews.com – Author: . Cybercriminals are vipers. They’re like snakes in the grass, hiding behind their keyboards, waiting to strike. And if you’re a small- and medium-sized business (SMB), your organization is the ideal lair for these serpents to slither into. With cybercriminals becoming more sophisticated, SMBs like you must do more to protect […] The entry It Costs How Much?!? The Financial Pitfalls of Cyberattacks on SMBs – Source: thehackernews.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.