Cyber security aggregate rss news

Cyber security aggregator - feeds history

image for (SOLD) IntelBroker T ...

 Dark Web News

IntelBroker has claimed a massive breach and says it has now sold access to a cybersecurity entity with a hefty annual revenue of USD 1.8 billion. The threat actor sold the access to an unknown entity on a dark web forum for USD 20,000 in XMR or ETH. The initial offer touted access to a trove of sensitive information, including SSL keys, SMTP access, PAuth/Pointer Authentication, and various login credentials. Despite the lack of concrete evidence, a conversation purportedly involving IntelBroker surfaced on social media platforms, further fueling speculation.

While rumors around the forum post hinted at the US-based cloud security giant Zscaler Inc., the actual target remains unconfirmed due to the absence of corroborating proof. However, Zscaler's recent security update on its website hints at a possible connection between the two events.

Alleged Zscaler Data Breach Threatens the Cybersecurity Community

The gravity of the alleged Zscaler data breach escalated when rumors emerged of a possible breach within the organization's infrastructure. Allegations circulated that a threat actor was peddling access to the company's systems. In response, Zscaler swiftly took its "test environment" offline for analysis, aiming to ascertain the authenticity of the claims. However, the latest update from the hacker stated that the unauthorized access has now been sold. Apart from that update, no further information was provided about the buyer who allegedly purchased the unauthorized access for USD 20,000.

Zscaler has updated its security page, stating, "Zscaler continues to investigate and reiterates there is no impact or compromise to our customer, production, and corporate environments. During the afternoon of May 8, we engaged a reputable incident response firm that initiated an independent investigation. We continue to monitor the situation and will provide additional updates through the completion of the investigation."

Initially, Zscaler reassured stakeholders that its investigation yielded no evidence of compromise within its customer or production environments.
However, concerns persisted as discussions around the purported Zscaler data breach proliferated online. Users on various platforms debated the authenticity of the claims, with some expressing skepticism while others confirmed that the breached organization is the cybersecurity giant.

Zscaler Responds to the Alleged Breach Claims

Amid the uncertainty, Zscaler remained positive, emphasizing its commitment to safeguarding customer and production environments. Updates from Zscaler's Trust site reiterated its dedication to thorough investigation and transparency. While it confirmed the discovery of an isolated test environment exposed to the internet, it highlighted that environment's lack of connectivity to critical systems and absence of customer data.

Addressing the rumors, Zscaler stated that the organization is aware of the claims and is currently investigating the data. “Zscaler is aware of a public X (formerly known as Twitter) post by a threat actor claiming to have potentially obtained unauthorized information from a cybersecurity company. There is an ongoing investigation we initiated immediately after learning about the claims. We take every potential threat and claim very seriously and will continue our rigorous investigation,” added Zscaler.

Who is IntelBroker?

https://www.youtube.com/watch?v=wXuurLlu25I

IntelBroker is a solo hacker who gained infamy in 2023 for breaching Weee! and leaking data of 11M customers. Allegations hint at its connection to Iranian state entities, though IntelBroker denies it, claiming independence from Serbia. The hacker's focus on US defense suggests state cooperation. In an exclusive interview with The Cyber Express, the hacker shared information about these operations and himself as a person. Instead of being a full-fledged member of a ransomware group, IntelBroker has been working alone but has collaborated with other hackers in the industry.
IntelBroker's targets span national security, government, critical infrastructure, and commerce sectors, executing extensive data breaches without traditional ransomware tactics. The hacker's methods include exploiting vulnerabilities and utilizing the "Endurance-wiper" tool. Transactions predominantly occur in XMR cryptocurrency, ensuring anonymity. The hacker's breaches extend to companies like Razer, AT&T, and Verizon, sparking debates on corporate cybersecurity practices. Despite lucrative gains, IntelBroker advocates transparency in reporting breaches to maintain credibility.

Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.

image for UK-Based Digital Sig ...

 Dark Web News

IntelBroker has claimed the SigningHub data leak, impacting the UK-based online document signing and digital signature creation service provider. The breach, reportedly orchestrated by threat actor IntelBroker and disclosed on the new BreachForums, shares insights into the operation of the organization.

IntelBroker, a known entity in the hacker community, revealed the breach on May 8, 2024, shedding light on an incident that occurred in December 2023. The leaked source code encompasses crucial elements of SigningHub's infrastructure, including API services, docker container files, certificates, libraries, and other sensitive data.

This breach has implications not only for SigningHub but also for its parent company, Ascertia Limited, headquartered in Surrey, United Kingdom.

Decoding the SigningHub Data Leak Claims

The announcement of the SigningHub data breach paints a grim picture of the intrusion and its impact. The post, titled "SigningHub - File Signing SRC Leaked, Download!", was shared by the threat actor, while other users commended the hacker for this intrusion, stating the SigningHub code leak was “another great hit”, “top release” and other words of praise.

The Cyber Express has reached out to Ascertia to learn more about this SigningHub data leak. However, at the time of writing, no official statement or response has been shared. The absence of a response leaves the claims surrounding the SigningHub source code leak unverified, exacerbating concerns among users and stakeholders.

In an attempt to shed light on the operation associated with the hacker, The Cyber Express reached out to IntelBroker for insights into their motivations and methods. In a recent interview, IntelBroker shared details of their hacking journey, affiliations, and previous exploits, highlighting the scale and sophistication of their operations.

The IntelBroker Modus Operandi and Recent Attacks

https://youtu.be/wXuurLlu25I?si=FQYqB3byG3-0lgyr

IntelBroker's track record includes a series of high-profile breaches targeting organizations across various sectors, ranging from aviation and technology to government agencies.
Notable breaches attributed to IntelBroker include infiltrations at the Los Angeles International Airport, Acuity, General Electric, DC Health Link, and others, each revealing the extent of vulnerabilities in digital infrastructure. The alleged breach at SigningHub adds another layer of complexity to the IntelBroker operations, as the hacker has claimed multiple data breaches in 2024, highlighting the pressing issue of security.

The Cyber Express will be closely monitoring the situation and will update this post once we have more information on the SigningHub source code leak or any official confirmation from the organization.

image for Boeing Confirms $200 ...

 Data Breach News

Boeing confirmed that the LockBit ransomware gang attack in October 2023, which impacted certain parts and distribution operations of the company, came with a staggering $200 million cyber extortion demand from the cybercriminals in return for not publishing the leaked data. Boeing on Wednesday acknowledged that it is the unnamed “multinational aeronautical and defense corporation headquartered in Virginia,” which is referenced in an unsealed indictment from the U.S. Department of Justice that unmasked the LockBitSupp administrator. Boeing did not provide an immediate response to The Cyber Express' inquiry seeking confirmation of this news, which was initially reported by Cyberscoop.

The indictment in question singled out Dmitry Yuryevich Khoroshev as the principal administrator and developer behind the LockBit ransomware operation, as part of a coordinated international effort that included sanctions from the U.S., the U.K., and Australia. Boeing has not confirmed details of the negotiations or whether the company paid any ransom in response to the massive $200 million cyber extortion demand.

Boeing Cyber Extortion Saga

LockBit first listed Boeing as its victim on October 27 and set a ransom payment deadline for November 2. Boeing chose not to provide any comments or statements regarding the incident at that time, leaving the LockBit claims unverified. Three days later, LockBit took down Boeing’s name from the victims’ list, fueling further speculation that it was a hoax or that the company likely paid the ransom.

Following this incident, Boeing eventually confirmed falling victim to LockBit’s cyberattack. But as ransom negotiations reportedly failed, LockBit re-listed Boeing on its leak site and threatened to publish 4 gigabytes of sample data as proof of the Boeing data breach. The post also warned that “All available data will be published!” in the coming days. Following through on the threat, LockBit published more than 40GB of data on November 10, as the company likely did not agree to pay the ransom demand. Boeing is yet to address the stolen data publicly.

Ransom Demands Getting Exorbitant

The indictment's reference to the unnamed company highlights the exorbitant ransom demands made by Khoroshev and his cohorts, totaling over $500 million in ransoms extorted from victims since late 2019.
Of this, he got nearly $100 million from a 20% share of the ransom payments, which was further “used to continue funding the LockBit operation and its infrastructure.” Ransomware analysts are now calling the Boeing cyber extortion one of the largest ransom demands from a ransomware gang to date. Researchers suspect LockBit likely made an inflated demand, without realistic expectations of receiving the full amount, merely to test the waters.

Between September 2019 and February 2024, Khoroshev grew LockBit into a massive global criminal operation in which, along with his affiliates, he attacked approximately 2,500 victims, including nearly 1,800 in the U.S. alone, the indictment said. Apart from Boeing, LockBit’s victim list also contains law enforcement agencies, security firms, municipalities, schools, financial institutions and even multinational fast-food chains.

Who is LockBit Ransomware Gang?

The LockBit ransomware gang emerged in 2019, primarily targeting thousands of global companies, with a focus on those headquartered in the United States. Linked to Russian entities, LockBit has amassed tens of millions of dollars in ransom payments since its inception. According to the Cybersecurity and Infrastructure Security Agency (CISA), LockBit has executed over 1700 attacks in the United States, often by compromising and threatening to release sensitive data for financial gain.

The recent Boeing data breach highlights the persistent threat posed by cyberattacks to major corporations. LockBit's aggressive tactics and specific targeting of Boeing, a key player in aerospace and defense, highlight the urgent need for robust cybersecurity measures. The ransomware group's imposed deadline heightens the urgency, highlighting the severe consequences of data breaches and the critical importance of safeguarding sensitive information.

image for Ascension Healthcare ...

 Cybersecurity News

Ascension, one of the largest nonprofit healthcare systems in the United States, is facing disruptions in clinical operations due to a cyberattack that prompted the organization to take some of its systems offline. The organization detected unusual activity on select technology network systems on Wednesday, prompting an immediate response, the start of an investigation and the activation of remediation efforts. Consequently, access to certain systems has been interrupted during the ongoing investigation.

The healthcare organization has advised its business partners to temporarily sever connections to its systems as a precautionary measure and said it would notify partners when it is safe to reconnect. The cyber incident has disrupted clinical operations, prompting an investigation into the extent and duration of the disruption. Ascension has notified relevant authorities about the cyberattack and enlisted the services of Mandiant incident response experts to aid in the investigation and remediation efforts.

Operating in 19 states and the District of Columbia, Ascension oversees 140 hospitals and 40 senior care facilities. It also has a significant workforce comprising 8,500 providers, 35,000 affiliated providers and 134,000 associates. In 2023, Ascension’s total revenue amounted to $28.3 billion.

Patients Say Chaos on Display at Ascension Healthcare

Talking about the disruptions at the healthcare facility, Ascension said, “Our care teams are trained for these kinds of disruptions and have initiated procedures to ensure patient care delivery continues to be safe and as minimally impacted as possible.”

But the ground reality seems to be different, according to a patient's account. Talking to local news media Fox 2, a patient named Zackery Lopez said “chaos” was on display this Wednesday at Ascension Providence Southfield hospital, where he had to wait nearly seven hours to get pain medication for his cancer resurgence. “Right now it is crazy. Nurses are running around. Doctors are running around. There’s no computers whatsoever they can use," Lopez said. "So, they’re actually using charts.”

Lisa Watson, a nurse at Ascension Via Christi St.
Joseph in Wichita, Kansas, told another local news outlet that the hospital shut down its operating rooms on Wednesday following the cybersecurity issue. She also said that the system the hospital uses to scan patients' medications was down, along with its electronic charts. “We are paper-charting all medications, and all lab orders are being hand-written and sent by pneumatic tube systems to the unit they’re supposed to go to,” said Watson.

Natalie Sirianni, an MD at one of the hospitals linked to Ascension, concurred on the chaos that ensued. "No one knew where the forms were. Thank god we have a separate sign out with our pts (patients) meds. Nurses were writing them down from memory. This is a new reality we need to be better prepared," Sirianni wrote on platform X. Sirianni said the EMR (Electronic Medical Records) was completely down, and she had to do multiple rounds to make sure her patients got their meds and to check their vitals.

Sirianni said, "No one knew where they (forms) were or which ones to use for hours. We need to have the forms ready to go to switch to paper charting. I left still not knowing how to place lab orders, talked with dozens of people from lab to phlebotomy to management, no one knew. No one was prepared and patients suffered." "We have endless incessant modules about stupid policies to save hospitals money but never about downtime protocol," she added.

Lopez is also concerned that his personal information was possibly at risk but said he has not received a convincing answer from the authorities yet. "They really didn’t tell me if it was protected or not," he said. "They really kind of just brushed it off when I asked them. They say they’re trying to get everything back on, back on track."

Healthcare Breaches on the Rise

This incident adds to a growing list of healthcare breaches and ransomware attacks, including the Change Healthcare attack that caused widespread disruptions across the U.S.
Initially described as an “enterprise-wide connectivity issue,” the severity of the attack went up a notch when Blackcat, also known as the Alphv ransomware gang, claimed responsibility for it. The Russia-based ransomware and extortion gang claimed to have stolen millions of Americans’ sensitive health and patient information, a tactic commonly employed by ransomware gangs to exert pressure on victims. However, on February 29, Blackcat withdrew its claim on the breached data of the healthcare group, raising questions about whether a ransom was paid.

The company later confirmed that it paid a $22 million ransom, but it now faces multiple lawsuits for alleged negligence in safeguarding clients’ personal information. The parent company UnitedHealth has allocated over $2 billion to fight the fallout of the Change Healthcare data breach. The company last week also stated that a lack of multi-factor authentication (MFA) led to the massive hack.

In a related development, the U.S. Department of Health and Human Services (HHS) recently cautioned about threat actors employing social engineering tactics to target IT help desks in the Healthcare and Public Health (HPH) sector. These attackers employ deception to enroll new multi-factor authentication (MFA) devices under their control, thereby gaining access to corporate resources, the HHS warned.

image for Major Changes in NIS ...

 Cybersecurity News

The NIST Cybersecurity Framework (CSF) is a framework designed to provide cybersecurity risk-management guidance to private and public industries, government agencies, and other organizations. It is intended to be applicable for use by any organization regardless of its size or scale, age, or sector. Version 2.0 of the cybersecurity framework is much more extensive in its core guidance and lists additional subcategories as well as links to online resources that offer further guidance on practices to achieve these objectives. The guidance is divided into six areas of focus: identify, protect, detect, respond, recover, and govern.

This article unravels the NIST Cybersecurity Framework, the major changes outlined in CSF 2.0, and some of the ways in which it can be adopted.

The NIST Cybersecurity Framework Overview

The NIST Cybersecurity Framework (NIST CSF) was first introduced in 2014 by the National Institute of Standards and Technology to bolster the security of infrastructure within the United States by establishing a common set of standards, goals, and terminology to reduce the risk and impact of cyberattacks. By promoting the shared framework, the NIST CSF aids in better decision-making and encourages security standards to address threats such as phishing and ransomware.

The initial version was updated to Version 1.1 in 2018, adopting major changes such as the inclusion of the Identify core function, additional sub-categories and improved clarity. The draft of version 2.0 of the framework was released for public feedback in August 2023 and closed for comments in November 2023; the final Version 2.0 was released in February 2024. Since the new framework demonstrates increased flexibility to various situations, the NIST has recommended its voluntary self-adoption by organizations of all sizes.

Target Audience

The primary audience for the framework comprises individuals responsible for developing and overseeing cybersecurity planning and strategy within organizations.
It is also relevant for other roles involved in risk management, such as executives, boards of directors, acquisition professionals, technology experts, risk managers, legal professionals, human resource specialists, and auditors who specialize in cybersecurity and risk management. Additionally, the CSF can serve as a useful asset to those involved in making and influencing private and public policy (e.g., associations, professional organizations, regulators) who establish and communicate priorities for cybersecurity risk management.

Major Changes in NIST Cybersecurity Framework 2.0

Released in February 2024, the NIST Cybersecurity Framework 2.0 is the latest revision to the framework.

Inclusion of 'Govern' Core Function

While the previous framework stated 'Identify, Protect, Detect, Respond, and Recover' as its core functions in implementation, the new framework includes 'Govern.' Govern addresses the establishment of cybersecurity strategy, cybersecurity supply chain risk management, roles, responsibilities, authorities, policy, and the oversight of cybersecurity strategy within the organizational context.

More Extensive Sub-categories and References within Core Functions

CSF version 2.0 includes additional categories and subcategories of cybersecurity goals and standards within the listed core functions, as well as hundreds of other helpful references to assist readers. The new framework is much more extensive in its definitions and resources.

Expanded Scope

The new framework’s scope has expanded beyond just the protection of critical infrastructure, such as water facilities and power plants, to providing safety standards for all organizations regardless of sector or size.
This expanded scope is reflected in the change of the CSF’s official title to “The Cybersecurity Framework,” from the earlier “Framework for Improving Critical Infrastructure Cybersecurity.” This reflects an earlier request from the US Congress for the framework to expand its guidance to aid small businesses.

Framework Tiers

The new tiers define how a company handles cybersecurity risks, allowing it to adopt the tier that best fulfills its objectives and decrease cyber risk to a desirable level while accounting for difficulties in implementation. The tiers progress from 1 ('Partial') to 4 (‘Adaptive’), with a rising level of sophistication but additional effort in implementation.

Framework Profiles

The CSF profiles aid companies in finding the path that’s right for them to reduce cybersecurity risks. Each profile lays out an organization’s “current” and “target” positions and the criteria to be met in moving from one profile to the other.

Focus on Supply-Chain and Third-Party Risk

The framework incorporates new supply chain guidelines as part of the core 'Govern' function, and expects that cybersecurity risks within software supply chains should be considered while an organization carries out its functions. Moreover, the NIST framework reminds organizations to plan and conduct due diligence to reduce risks prior to entering agreements with suppliers or other third-party contractors.

image for Cybersecurity Alert: ...

 Firewall Daily

Security researchers have revealed new critical vulnerabilities in F5’s Next Central Manager, posing severe risks to organizational cybersecurity. These Next Central Manager vulnerabilities allowed attackers to exploit the Central Manager remotely, gaining full administrative control over the device. Subsequently, attackers could create unauthorized accounts on any F5 assets managed by the Central Manager, remaining undetected within the system.

The vulnerabilities, collectively known as the "F5 Next Central Manager vulnerability," were first identified by security researchers from Eclypsium. They disclosed their findings to F5, which subsequently assigned CVE identifiers CVE-2024-21793 and CVE-2024-26026 to the reported vulnerabilities.

Understanding the Next Central Manager Vulnerabilities

F5 promptly addressed the Next Central Manager vulnerabilities in software version 20.2.0, urging organizations to upgrade to the latest version immediately to mitigate potential risks. However, it's crucial to note that while five vulnerabilities were reported, CVEs were only assigned to two of them.

The Next Central Manager serves as the centralized point of control for managing all tasks across the BIG-IP Next fleet. Despite F5's efforts to enhance security with the Next generation of BIG-IP software, these vulnerabilities highlight the persistent challenges in safeguarding network and application infrastructure.

The vulnerabilities enabled attackers to exploit various aspects of the Central Manager's functionality. For instance, one vulnerability allowed attackers to inject malicious code into OData queries, potentially leading to the leakage of sensitive information, including administrative password hashes. Another vulnerability involved an SQL injection flaw, providing attackers with a means to bypass authentication measures.

Technical Details and Responses to Next Central Manager Vulnerabilities

Furthermore, an undocumented API vulnerability facilitated Server-Side Request Forgery (SSRF) attacks, enabling attackers to call API methods on any BIG-IP Next device. This allowed them to create unauthorized accounts on individual devices, evading detection by the Central Manager.
Additionally, inadequate Bcrypt cost and a flaw allowing administrators to reset their passwords without prior knowledge posed further security risks. These weaknesses significantly lowered the barrier for attackers to compromise the system and maintain unauthorized access.

The implications of these vulnerabilities were profound, as they could be exploited in various attack scenarios. Attackers could exploit the vulnerabilities to gain administrative control, manipulate account credentials, and create hidden accounts on managed devices, undermining the integrity and security of the entire network infrastructure.

In response to these findings, security experts emphasized the importance of proactive security measures and vigilant monitoring of management interfaces. They advised organizations to enforce access control policies and adopt a zero-trust approach to mitigate the risks associated with such vulnerabilities.

image for International Baccal ...

 Cybersecurity News

The International Baccalaureate Organization (IBO) confirmed a hacking incident, while clarifying that no ongoing exam papers were leaked despite claims online of a wider cheating scandal. The IB found students sharing exam details online before the completion of their ongoing tests globally, and simultaneously observed increased malicious activity targeting its computer networks.

On investigating the online claims, IB found that the leaked data set appeared to be limited to earlier data from 2018, while the ongoing exam paper leaks could be a result of some students sharing exam papers online rather than a hack.

Founded in 1968, the International Baccalaureate is a non-profit educational organization based in Geneva, Switzerland. It aims to provide high quality international education free of regional, political or educational agendas.

Exam Cheating Concerns Amidst International Baccalaureate Hack

Earlier last week, the International Baccalaureate had released an update stating that it was investigating online speculation about potential cheating by some students in the ongoing exams. The organization stated that while there was no evidence of widespread cheating, some students might have engaged in "time zone cheating".

The organization defined time zone cheating as an action where students "who have completed their examinations share what they can recall from memory about the exam questions on social media before other students take the examination." Citing its own academic integrity policy, which forbids such behaviour, the organization stated that students engaging in such activity would not receive their Diploma certificates or grades and may potentially be banned from future exam retests.

After its initial investigations, the organization stated that it had experienced an increase in attempted malicious activity aiming to interfere with its systems. It also confirmed that some data from 2018, including employee names, positions, and emails, had been breached through a third-party vendor, and screenshots of this leaked data were shared online.
However, the organization again clarified that at the time of the investigation, no recent exam material was found to be compromised. The notice further stated that IB was continuing to assess the incident and had taken steps to contain it. The organization mentioned that it would provide further information on the incident as the situation evolved.

The Cyber Express team has reached out to the International Baccalaureate for further details, and a spokesman responded with a link to the second update notification.

Students Petition For Exam Cancellation

The exam is taken by nearly 180,000 students internationally. However, recent speculation over the hacking incident and cheating allegations has raised concerns among students and their parents, leading to an online petition demanding exam cancellation or a re-test.

Amidst the speculation, the International Baccalaureate took action to remove leaked content and stated that cheaters would face severe consequences. Some condemned the leaks as failures in governance and urged improved exam security, prompting the IB to affirm its intention to stay ahead of technological threats while promoting academic integrity in the exam process. The IB further cautioned its authorized network of schools about data breaches and phishing attempts.

The leaked materials from the International Baccalaureate data breach were observed to have been downloaded over 45,000 times. The leaked content allegedly included mathematics and physics papers, which were widely circulated online, further raising doubts about exam integrity.

It remains to be seen whether the student petition's demand for justice or the organization's observation of increased hacking attempts will lead to a further escalation of the situation.

 Cybersecurity News

The Medusa ransomware group has demanded $3.5 million from the Chemring Group on their leak site, along with a looming threat to leak 186.78 GB of sensitive documents claimed to have been obtained from the Chemring Group data breach. The group set the negotiation deadline as May 16, 2024, providing the victim about 9 days to surrender to demands while also presenting additional options, such as prolonging the negotiation period or removing or downloading the data allegedly stolen during the attack, at varying prices. The Chemring Group is a multi-national UK-based business that provides a range of technology solutions and services to the aerospace, defence and security markets around the world. The Chemring Group data breach post was shared on the threat actor's data leak site along with 3 American organizations listed as victims. However, the authenticity of these claims is yet to be verified. While the Chemring Group refutes any major compromise, they have confirmed an ongoing investigation into the alleged data breach.

Medusa Hackers Demand $3.5 Million Following Chemring Group Data Breach

On the leak site, the ransomware group demanded a ransom of 3.5 million USD with a negotiation deadline of 16th May 2024. The group allegedly exfiltrated 186.78 GB of confidential documents, databases, and SolidWorks design files. However, no sample data had been shared, making it harder to verify the group's claims. Additionally, the leak site provided the victim with the options to add an additional day for ransom negotiations for 1 million, to delete all the data for 3.5 million, or to download/delete the exfiltrated data for 3.5 million. (Image source: X.com / @H4ckManac) The Chemring Group PLC listing was also accompanied by the listing of three alleged victim organizations, including One Toyota of Oakland, Merritt Properties and Autobell Car Wash. When The Cyber Express team reached out for additional details, a Chemring Group spokesman made the following statement about the alleged ransomware attack:

Chemring has been made aware of a post that has appeared on X (formerly Twitter) alleging that the Group has been subject to a ransomware attack. An investigation has been launched, however there is currently nothing to indicate any compromise of the Group’s IT systems, nor have we received any communication from a threat actor suggesting that we have been breached. We confirm that all Chemring businesses are operating normally. Our preliminary investigations lead us to believe that this attack was on a business previously owned by Chemring but where there is no ongoing relationship or connection into our IT systems. As this is subject to an ongoing criminal investigation we cannot comment further at this stage.

Who is Medusa Ransomware Group?

The MedusaLocker ransomware group is known to have been active since September 2019. The group usually gains initial access to victims’ networks by exploiting known vulnerabilities in Remote Desktop Protocol (RDP). The Medusa ransomware group has been observed to increase its attack campaigns after the debut of its dedicated data leak site in February 2023. The group primarily targets healthcare, education and public-sector organizations in its campaigns. The group was previously responsible for an attack on Toyota in December 2023 in which the group obtained access to sensitive details such as names, addresses, contact information, lease-purchase details, and IBAN numbers. The incident prompted the company to adopt stronger data protection and notify affected customers while reporting details of the breach to relevant authorities.

Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.

 News

For the 346th episode of the Kaspersky Transatlantic Cable Podcast, Jag and I dive into a handful of stories that tie back to disinformation, privacy, and people persisting, before ending with the WTF story of the week (and perhaps year). We kick things off discussing WhatsApp and encryption, but more importantly how the app's boss understands that it is being used – even in countries where there are bans on the popular messenger app. From there, we jump into the story from last week that impacts users of Dropbox. After covering what it is, we discuss some safety measures that can be used by people using the service. For our third story, we dive into the world of TikTok. While the US ban may be top of mind, we are actually crossing the world to discuss a recent phenomenon on the app that ties back to North Korea. It isn't a hack, but rather an odd case of a propaganda song from the country going viral on the popular platform. Who would have thought that disinformation could go viral? But hey, I guess the beat slaps (as the kids say). After that bit of head scratching, we head back to the US where recent research has shown that phishing sites impersonating the USPS are getting almost as much traffic as the real site. To close things out, we dive into AI and porn. More specifically, a new app being advertised on PornHub that allows anyone with the app to see any person naked, with the help of AI and without consent. If you liked what you heard, please consider subscribing.

Tens of millions secretly use WhatsApp despite bans
Dropbox says hackers stole customer data, auth secrets from eSignature service
Why North Korea's latest propaganda bop is a huge TikTok hit
US Post Office phishing sites get as much traffic as the real one
Pornhub's Nonconsensual Nudify Ad

 Malware and Vulnerabilities

The vulnerability exists due to an unsafe deserialization method used by the Veeam Service Provider Console (VSPC) server during communication between the management agent and its components.

 Malware and Vulnerabilities

The two vulnerabilities, an SQL injection flaw (CVE-2024-26026) and an OData injection vulnerability (CVE-2024-21793), could allow attackers to gain admin control and create hidden rogue accounts on managed assets.

 Security Products & Services

Pktstat is an open-source tool that is a straightforward alternative to ncurses-based Pktstat. On Linux, it utilizes AF_PACKET, while on other platforms, it employs generic PCAP live wire capture.

 Malware and Vulnerabilities

Google recently released a series of security updates for Android to address 26 vulnerabilities, including a critical flaw in the System component (CVE-2024-23706) that could allow attackers to escalate privileges on vulnerable devices.

 Trends, Reports, Analysis

A report by Mitek Systems reveals that banks are facing a significant challenge with fraud, including traditional issues like money laundering and account takeover, as well as newer threats such as AI-generated fraud and deepfakes.

 Emerging Threats

Researchers have not yet identified any AI-engineered cyberattack campaigns, but they say it’s only a matter of time before an AI system is dominant enough in the market to draw attention.

 Trends, Reports, Analysis

CISOs stress the importance of DevSecOps automation to mitigate risks associated with AI and emphasize the need for modernized security tools to combat evolving cyber threats and comply with regulations.

 Laws, Policy, Regulations

CISA will prolong the comment period for new regulations under the Cyber Incident Reporting for Critical Infrastructure Act for another month after requests from the energy and information technology sectors and other industries.

 Trends, Reports, Analysis

The Cobalt State of Pentesting Report highlights the challenges faced by the cybersecurity industry in balancing the use of AI and protecting against it, amidst significant workforce reductions and resource constraints.

 Feed

Openmediavault versions prior to 7.0.32 have a vulnerability that occurs when users in the web-admin group enter commands on the crontab by selecting the root shell. As a result of exploiting the vulnerability, authenticated web-admin users can run commands with root privileges and receive reverse shell connections.

 Feed

I2P is an anonymizing network, offering a simple layer that identity-sensitive applications can use to securely communicate. All data is wrapped with several layers of encryption, and the network is both distributed and dynamic, with no trusted parties. This is the source code release version.

 Feed

The Zed Attack Proxy (ZAP) is an easy to use integrated penetration testing tool for finding vulnerabilities in web applications. It is designed to be used by people with a wide range of security experience and as such is ideal for developers and functional testers who are new to penetration testing. ZAP provides automated scanners as well as a set of tools that allow you to find security vulnerabilities manually. This is the cross platform package.

 Feed

AIDE (Advanced Intrusion Detection Environment) is a free replacement for Tripwire(tm). It generates a database that can be used to check the integrity of files on a server. It uses regular expressions to determine which files get added to the database. You can use several message digest algorithms to ensure that the files have not been tampered with.

 Feed

Debian Linux Security Advisory 5686-1 - Nick Galloway discovered an integer overflow in dav1d, a fast and small AV1 video stream decoder which could result in memory corruption.

 Feed

Ubuntu Security Notice 6768-1 - Alicia Boya García discovered that GLib incorrectly handled signal subscriptions. A local attacker could use this issue to spoof D-Bus signals resulting in a variety of impacts including possible privilege escalation.

 Feed

Debian Linux Security Advisory 5684-1 - The following vulnerabilities have been discovered in the WebKitGTK web engine. Kacper Kwapisz discovered that visiting a malicious website may lead to address bar spoofing. Nan Wang and Rushikesh Nandedkar discovered that processing maliciously crafted web content may lead to arbitrary code execution. SungKwon Lee discovered that processing web content may lead to a denial-of-service. Various other issues were also addressed.

 Feed

Debian Linux Security Advisory 5682-2 - The update for glib2.0 released as DSA 5682-1 caused a regression in ibus affecting text entry with non-trivial input methods. Updated glib2.0 packages are available to correct this issue.

 Feed

Debian Linux Security Advisory 5685-1 - Several security vulnerabilities have been discovered in WordPress, a popular content management framework, which may lead to exposure of sensitive information to an unauthorized actor or allow unauthenticated attackers to discern the email addresses of users who have published public posts on an affected website via an oracle-style attack.

 Feed

Debian Linux Security Advisory 5683-1 - Security issues were discovered in Chromium, which could result in the execution of arbitrary code, denial of service or information disclosure.

 Feed

Gentoo Linux Security Advisory 202405-28 - Multiple vulnerabilities have been discovered in NVIDIA Drivers, the worst of which could result in root privilege escalation. Versions greater than or equal to 470.223.02 are affected.

 Feed

Gentoo Linux Security Advisory 202405-26 - Multiple vulnerabilities have been discovered in qtsvg, the worst of which could lead to a denial of service. Versions greater than or equal to 5.15.9-r1 are affected.

 Feed

Gentoo Linux Security Advisory 202405-25 - Multiple vulnerabilities have been discovered in MariaDB, the worst of which can lead to arbitrary execution of code. Versions greater than or equal to 10.11.3:10.11 are affected.

 Feed

Gentoo Linux Security Advisory 202405-22 - Multiple vulnerabilities have been discovered in rsync, the worst of which can lead to denial of service or information disclosure. Versions greater than or equal to 3.2.5_pre1 are affected.

 Feed

Ubuntu Security Notice 6766-1 - It was discovered that the Open vSwitch implementation in the Linux kernel could overflow its stack during recursive action operations under certain conditions. A local attacker could use this to cause a denial of service. Sander Wiebing, Alvise de Faveri Tron, Herbert Bos, and Cristiano Giuffrida discovered that the Linux kernel mitigations for the initial Branch History Injection vulnerability were insufficient for Intel processors. A local attacker could potentially use this to expose sensitive information.

 Feed

Ubuntu Security Notice 6767-1 - Chenyuan Yang discovered that the RDS Protocol implementation in the Linux kernel contained an out-of-bounds read vulnerability. An attacker could use this to possibly cause a denial of service. Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system.

 Feed

Debian Linux Security Advisory 5682-1 - Alicia Boya Garcia reported that the GDBus signal subscriptions in the GLib library are prone to a spoofing vulnerability. A local attacker can take advantage of this flaw to cause a GDBus-based client to behave incorrectly, with an application-dependent impact.

 Feed

Two security vulnerabilities have been discovered in F5 Next Central Manager that could be exploited by a threat actor to seize control of the devices and create hidden rogue administrator accounts for persistence. The remotely exploitable flaws "can give attackers full administrative control of the device, and subsequently allow attackers to create accounts on any F5 assets managed by the Next

 Feed

Cybersecurity and compliance guidance are in high demand among SMEs. However, many of them cannot afford to hire a full-time CISO. A vCISO can answer this need by offering on-demand access to top-tier cybersecurity expertise. This is also an opportunity for MSPs and MSSPs to grow their business and bottom line. MSPs and MSSPs that expand their offerings and provide vCISO services

 Feed

Two recently disclosed security flaws in Ivanti Connect Secure (ICS) devices are being exploited to deploy the infamous Mirai botnet. That's according to findings from Juniper Threat Labs, which said the vulnerabilities CVE-2023-46805 and CVE-2024-21887 have been leveraged to deliver the botnet payload. While CVE-2023-46805 is an authentication bypass flaw,

 Feed

Researchers have detailed a Virtual Private Network (VPN) bypass technique dubbed TunnelVision that allows threat actors to snoop on victim's network traffic by just being on the same local network. The "decloaking" method has been assigned the CVE identifier CVE-2024-3661 (CVSS score: 7.6). It impacts all operating systems that implement a DHCP client and has

 Feed

Polish government institutions have been targeted as part of a large-scale malware campaign orchestrated by a Russia-linked nation-state actor called APT28. "The campaign sent emails with content intended to arouse the recipient's interest and persuade him to click on the link," the computer emergency response team, CERT Polska, said in a Wednesday bulletin. Clicking on the link

 Data loss

The kingpin of the LockBit ransomware is named and sanctioned, a cybersecurity consultant is charged with a $1.5 million extortion, and a romance fraudster defrauded women he met on Tinder of £80,000. All this and much much more is discussed in the latest edition of the “Smashing Security” podcast by cybersecurity veterans Graham Cluley and Carole Theriault, joined this week by “Ransomware Sommelier” Allan Liska.

 Data loss

A medical lab that specialises in cancer screenings has admitted to an alarming data breach that left sensitive patient information exposed for years - and accessible by unauthorised parties. California-based Guardant Health is notifying affected individuals that information related to samples collected in late 2019 and 2020 was "inadvertently" left exposed online to the general public after an employee mistakenly uploaded it. Read more in my article on the Hot for Security blog.

 Threat Lab

Congratulations, graduates! As you gear up for life after high school or college, you’re stepping into a world of exciting firsts—new jobs, new homes, and new adventures. There’s one first you might not have considered: your first identity protection plan. Why is identity protection important? Let’s dive in.

Why protecting your identity matters

Imagine this: you’re building your credit score, applying for a credit card, or renting your first apartment. These milestones are crucial, but they also make you a prime target for identity theft and fraud. Your credit score is your financial fingerprint—it impacts job opportunities, apartment rentals, and even car loans. Protecting your identity from fraud is key to a smooth transition into adulthood. Plus, as you start crafting resumes and portfolios for your dream job, your devices become treasure troves of personal information. Losing them to cyber threats can compromise your future. This is where identity and virus protection step in.

Understanding the risks

Identity theft and fraud pose significant risks, especially for new graduates entering the world of financial independence. As you start using credit cards or taking out loans, you become a prime target for cybercriminals looking to exploit your personal information. If your identity is stolen, it can wreak havoc on your credit history and financial well-being. But it’s not just about identity theft. Your personal devices—laptops, smartphones, and tablets—hold a wealth of sensitive information that cybercriminals target through malware, ransomware, and other cyber threats. From important resumes and portfolios to personal documents, your digital footprint needs robust protection.

Safeguarding against identity theft and cyber threats

To protect yourself against these digital risks, consider adopting the following technology approaches:

Identity monitoring services: Monitor for suspicious activity across your identity and financial accounts, providing up to $1 million in expense reimbursement in case of identity theft.
Real-time antivirus protection: Install robust antivirus software that provides continuous protection against emerging threats like malware, ransomware, and phishing scams.
VPN for privacy: Use a Virtual Private Network (VPN) to browse the internet securely and maintain control over your online privacy. A VPN encrypts your internet connection, protecting your data from prying eyes.
Password management: Keep your passwords secure and easily accessible with a password management tool that stores and encrypts your passwords, allowing you to use strong, unique passwords across all your accounts without the risk of forgetting them.

Protecting your identity and personal information is essential as you embark on your journey into adulthood and financial independence. By incorporating these technology solutions into your digital habits, you can significantly reduce the risk of identity theft, fraud, and cyberattacks.

Choosing the right protection

Now, let’s talk about finding the right protection for you. Do you have multiple devices that need safeguarding? Are you protecting just yourself, or your family too? These are the questions that will guide your choice. Enter Webroot. Webroot can help you navigate the complex world of identity, privacy, and virus protection. With a range of options, you can select the level of security that fits your lifestyle and needs. Worried about credit fraud? Interested in keeping your devices secure? Webroot has you covered. Ready to make your first smart adulting decision? Explore Webroot’s protection plans and secure your future today. The post Graduation to Adulting: Navigating Identity Protection and Beyond! appeared first on Webroot Blog.

 Feed

Can AI effortlessly thwart all sorts of cyberattacks? Let’s cut through the hyperbole surrounding the tech and look at its actual strengths and limitations.

 All things Heimdal

Source: heimdalsecurity.com – Author: Madalina Popovici. Official Press Release. Copenhagen, Denmark – May 8th, 2024 — Heimdal®, a global leader in cybersecurity solutions, is excited to announce the appointment of Jesper Frederiksen as its new Chief Executive Officer. Bringing a wealth of experience from the SaaS and cloud security sectors, Frederiksen is renowned for his expertise in […] The post Heimdal Welcomes Jesper Frederiksen as Its New Chief Executive Officer – Source: heimdalsecurity.com first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

Source: heimdalsecurity.com – Author: Livia Gyongyoși. Researchers warn that Xiaomi devices are vulnerable to over 20 critical issues affecting applications and system components. Security specialists notified the vendor regarding the flaws at the end of April 2023. For the moment, Xiaomi didn’t manage to fix all of them. What are the vulnerable Xiaomi apps? The […] The post 20+ Xiaomi Vulnerabilities Put Users’ Data and Devices at Risk – Source: heimdalsecurity.com first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.

 BLEEPINGCOMPUTER

Source: www.bleepingcomputer.com – Author: Lawrence Abrams. Update 5/8/24: Our original article was updated to include new information about a breached “test” environment. Zscaler says that they discovered an exposed “test environment” that was taken offline for analysis after rumors circulated that a threat actor was selling access to the company’s systems. In a Wednesday afternoon post, […] The post Zscaler takes “test environment” offline after rumors of a breach – Source: www.bleepingcomputer.com first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.

 BLEEPINGCOMPUTER

Source: www.bleepingcomputer.com – Author: Bill Toulas. Image: Georgia Institute of Technology Tech Tower (RobRainer). The University System of Georgia (USG) is sending data breach notifications to 800,000 individuals whose data was exposed in the 2023 Clop MOVEit attacks. USG is a state government agency that operates 26 public colleges and universities in Georgia with over 340,000 students. The Clop […] The post University System of Georgia: 800K exposed in 2023 MOVEit attack – Source: www.bleepingcomputer.com first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.

 BLEEPINGCOMPUTER

Source: www.bleepingcomputer.com – Author: Sergiu Gatlan. Ascension, one of the largest private healthcare systems in the United States, has taken some of its systems offline to investigate what it describes as a “cyber security event.” As a major U.S. nonprofit health system, Ascension operates 140 hospitals and 40 senior care facilities across 19 states and […] The post Ascension healthcare takes systems offline after cyberattack – Source: www.bleepingcomputer.com first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.

 BLEEPINGCOMPUTER

Source: www.bleepingcomputer.com – Author: Mayank Parmar. A recent partnership announcement between OpenAI and Stack Overflow has some members concerned that their data is being used without permission and, when trying to remove their posts, find their accounts are suspended. The partnership was announced on Monday, with OpenAI getting access to Stack Overflow’s API and feedback from developers and StackCommerce getting links in ChatGPT […] The post Stack Overflow suspends user for editing posts in OpenAI protest – Source: www.bleepingcomputer.com first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.

 BLEEPINGCOMPUTER

Source: www.bleepingcomputer.com – Author: Sergiu Gatlan. F5 has fixed two high-severity BIG-IP Next Central Manager vulnerabilities, which can be exploited to gain admin control and create hidden rogue accounts on any managed assets. Next Central Manager allows administrators to control on-premises or cloud BIG-IP Next instances and services via a unified management user interface. The […] The post New BIG-IP Next Central Manager bugs allow device takeover – Source: www.bleepingcomputer.com first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.

 BLEEPINGCOMPUTER

Source: www.bleepingcomputer.com – Author: Sergiu Gatlan. Image: Midjourney. The FBI warned retail companies in the United States that a financially motivated hacking group has been targeting employees in their gift card departments in phishing attacks since at least January 2024. Tracked as Storm-0539, this hacking group targets the personal and work mobile devices of retail […] The post FBI warns of gift card fraud ring targeting retail companies – Source: www.bleepingcomputer.com first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.

 BLEEPINGCOMPUTER

Source: www.bleepingcomputer.com – Author: Bill Toulas. Image: Keeper of the Plains in Wichita (Sepavone). The LockBit ransomware gang has claimed responsibility for a disruptive cyberattack on the City of Wichita, which has forced the City’s authorities to shut down IT systems used for online bill payment, including court fines, water bills, and public transportation. Wichita, Kansas, is the largest city in […] The post City of Wichita breach claimed by LockBit ransomware gang – Source: www.bleepingcomputer.com first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.

 BLEEPINGCOMPUTER

Source: www.bleepingcomputer.com – Author: Sergiu Gatlan. Microsoft has confirmed that last month’s Windows Server security updates may also cause domain controller reboots after the Local Security Authority Subsystem Service (LSASS) process crashes. LSASS is a Windows service that handles security policies, user logins, access token creation, and password changes. The list of impacted Windows versions […] The post Microsoft: April Windows Server updates also cause crashes, reboots – Source: www.bleepingcomputer.com first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.

 AI

Source: www.cybertalk.org – Author: slandau. EXECUTIVE SUMMARY: Artificial intelligence is the new epicenter of value creation. Employees across industries are ecstatic about deploying easily accessible generative AI tools to elevate the quality of their output and to improve efficiency. According to the latest research, 60% of employees use generative AI tools to augment their efforts. […] The post Two-thirds of organizations are not prepared for AI risks – Source: www.cybertalk.org first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

Source: www.lastwatchdog.com – Author: cybernewswire. Philadelphia, Pa., May 8, 2024, CyberNewsWire — Security Risk Advisors (SRA) announces the launch of their OT/XIoT Detection Selection Workshop, a complimentary offering designed to assist organizations in selecting the most suitable operational technology (OT) and Extended Internet of Things (XIoT) security tools for their unique environments. Led by seasoned […] The post News alert: Security Risk Advisors offers free workshop to help select optimal OT security tools – Source: www.lastwatchdog.com first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

Source: www.lastwatchdog.com – Author: cybernewswire. SAN FRANCISCO, May 7, 2024, CyberNewsWire –– Hunters, the pioneer in modern SOC platforms, today announced its full adoption of the Open Cybersecurity Schema Framework (OCSF), coupled with the launch of groundbreaking OCSF-native Search capability. This strategic advancement underscores Hunters’ commitment to standardizing and enhancing cybersecurity operations through open, integrated […] The post News alert: Hunters announces full adoption of OCSF, introduces OCSF-native search – Source: www.lastwatchdog.com first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.

 Breach

Source: www.darkreading.com – Author: Jai Vijayan, Contributing Writer. Image source: Bumble Dee via Shutterstock. The disclosure of a breach exposing data on over 225,000 UK military personnel underscores the global security risks associated with external contractors to defense entities. The exposure, which came to light just this week, stemmed from a threat actor accessing the names, […] The post UK Military Data Breach a Reminder of Third-Party Risk in Defense Sector – Source: www.darkreading.com first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

Source: www.darkreading.com – Author: Nate Nelson, Contributing Writer. Image source: Ruma Aktar via Alamy Stock Photo. A yearslong influence operation by Iran has been stoking the flames of social, cultural, and political unrest in Israel. The scheme has had three distinct phases. The first, which began three years ago, pitted Israel’s ultra-Orthodox and LGBTQ+ communities against […] The post 3-Year Iranian Influence Op Preys on Divides in Israeli Society – Source: www.darkreading.com first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

Source: www.darkreading.com – Author: PRESS RELEASE. Mountain View, Calif. – May 8th, 2024 – Cyolo, the secure remote access company for operational technology (OT) and industrial control systems (ICS), today announced a strategic partnership with Dragos, a global leader in cybersecurity for ICS/OT. Under the umbrella of Cyolo’s CyoloVerse partner program, Cyolo’s PRO Secure Remote Access Platform […] The post Cyolo Partners With Dragos to Unveil Holistic Secure Remote Access Solution for Critical Infrastructure – Source: www.darkreading.com first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.

 announces

Source: www.darkreading.com – Author: PRESS RELEASE. LONDON and SALT LAKE CITY, May 8, 2024 /PRNewswire/ — Netcraft, the global leader in digital risk protection and threat intelligence, announced its new Conversational Scam Intelligence platform at RSAC in San Francisco, which builds on Netcraft’s intentional approach to using AI to stay ahead of criminals and protect client brands and customers. The FBI reports that US […] The post Netcraft Announces New AI-Powered Innovations to Disrupt and Expose Criminal Financial Infrastructure – Source: www.darkreading.com first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.

 0CISO2CISO

Source: www.darkreading.com – Author: PRESS RELEASE. SAN FRANCISCO, CA — May 7, 2024 — At the RSA Conference today, runZero announced the inaugural edition of the runZero Research Report, the first in a series of publications that explore the state of asset security across global enterprises. As a leading provider of Cyber Asset Attack Surface […] The post runZero Research Explores Unexpected Exposures in Enterprise Infrastructure – Source: www.darkreading.com first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.

 Americans

Source: go.theregister.com – Author: Team Register. A crime ring dubbed BogusBazaar has scammed 850,000 people out of tens of millions of dollars via a network of dodgy shopping websites. Victims in Western Europe, Australia, and America were tricked by these sham sites into placing orders for goods that either didn’t exist or were cheap knock-offs, […] The post What do Europeans, Americans and Australians have in common? Scammed $50M by fake e-stores – Source: go.theregister.com first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.

 Cables

Source: go.theregister.com – Author: Team Register Interview As undersea cables carry increasing amounts of information, cyber and physical attacks against them will cause a greater impact on the wider internet. Something like 95 percent of international data flows through those submarine cables, at a time when shipping, military exercises, and more threatens those global pathways. […] The post Undersea cables must have high-priority protection before they become top targets – Source: go.theregister.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

 attack

Source: thehackernews.com – Author: . May 09, 2024 Newsroom Encryption / Data Privacy Researchers have detailed a Virtual Private Network (VPN) bypass technique dubbed TunnelVision that allows threat actors to snoop on victim’s network traffic by just being on the same local network. The “decloaking” method has been assigned the CVE identifier CVE-2024-3661 (CVSS score: 7.6). It […] The post New TunnelVision Attack Allows Hijacking of VPN Traffic via DHCP Manipulation – Source: thehackernews.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

Source: thehackernews.com – Author: . May 09, 2024 Newsroom Mobile Security / Cyber Attack Polish government institutions have been targeted as part of a large-scale malware campaign orchestrated by a Russia-linked nation-state actor called APT28. “The campaign sent emails with content intended to arouse the recipient’s interest and persuade him to click on the link,” the computer […] The post Kremlin-Backed APT28 Targets Polish Institutions in Large-Scale Malware Campaign – Source: thehackernews.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

Source: thehackernews.com – Author: . May 09, 2024 The Hacker News vCISO / Regulatory Compliance Cybersecurity and compliance guidance are in high demand among SMEs. However, many of them cannot afford to hire a full-time CISO. A vCISO can answer this need by offering on-demand access to top-tier cybersecurity expertise. This is also an opportunity for MSPs […] The post New Guide: How to Scale Your vCISO Services Profitably – Source: thehackernews.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

 botnet

Source: thehackernews.com – Author: . May 09, 2024 Newsroom Network Security / Botnet Two recently disclosed security flaws in Ivanti Connect Secure (ICS) devices are being exploited to deploy the infamous Mirai botnet. That’s according to findings from Juniper Threat Labs, which said the vulnerabilities CVE-2023-46805 and CVE-2024-21887 have been leveraged to deliver the botnet payload. While […] The post Mirai Botnet Exploits Ivanti Connect Secure Flaws for Malicious Payload Delivery – Source: thehackernews.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

Source: www.bitdefender.com – Author: Graham Cluley A medical lab that specialises in cancer screenings has admitted to an alarming data breach that left sensitive patient information exposed for years – and accessible by unauthorised parties. California-based Guardant Health is notifying affected individuals that information related to samples collected in late 2019 and 2020 was “inadvertently” […] The post Cancer patients’ sensitive information accessed by “unidentified parties” after being left exposed by screening lab for years – Source: www.bitdefender.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

Source: grahamcluley.com – Author: Graham Cluley The kingpin of the LockBit ransomware is named and sanctioned, a cybersecurity consultant is charged with a $1.5 million extortion, and a romance fraudster defrauded women he met on Tinder of £80,000. All this and much much more is discussed in the latest edition of the “Smashing Security” podcast […] The post Smashing Security podcast #371: Unmasking LockBitsupp, company extortion, and a Tinder fraudster – Source: grahamcluley.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

Source: securityboulevard.com – Author: Zev Brodsky Silverfort is excited to announce our integration with external authentication methods (EAM) in Microsoft Entra ID, which is now in public preview. This allows customers to use Silverfort seamlessly with any app or service that relies on Entra ID as an identity provider. Enhanced MFA and Threat Intelligence In […] The post Silverfort Announces New Integration with Microsoft Entra ID EAM – Source: securityboulevard.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

 cryptocurrency

Source: securityboulevard.com – Author: Wajahat Raja The recent crackdown on the crypto mixer money laundering, Samourai, has unveiled a sophisticated operation allegedly involved in facilitating illegal transactions and laundering criminal proceeds. The cryptocurrency community was shocked by the sudden Samourai Wallet shutdown. The U.S Department of Justice (DoJ) revealed the arrest of two co-founders, shedding […] The post Crypto Mixer Money Laundering: Samourai Founders Arrested – Source: securityboulevard.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

 Blog

Source: securityboulevard.com – Author: Rebecca Kappel The financial industry is experiencing a gold rush of sorts with the integration of Artificial Intelligence (AI) technologies. With huge data volumes processed by the financial services sector, AI holds much promise for the industry. But much like the historic California gold rush, some made profits selling gold, others […] The post AI Regulation in Finance: Steering the Future with Consumer Protection at the Helm – Source: securityboulevard.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

Source: securityboulevard.com – Author: Nudge Security Blog For anyone who has been through a corporate merger or acquisition, you know that things can get…messy. Just like moving in with a new partner, the two entities need to figure out what they each have, what they actually need, who’s going to do what in the new […] The post How Nudge Security is useful in a merger or acquisition – Source: securityboulevard.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

2024-05
Aggregator history
Thursday, May 09