Oktacron logo
Cyber security aggregate rss news

Cyber security aggregator - feeds history
image for Researchers Observe ...

 Firewall Daily

Cybersecurity researchers at Cyble's Research and Intelligence Labs (CRIL) have uncovered a new ransomware variant called Trinity, which employs a double extortion strategy and has potential links to the previously identified Venus ransomware. This article explores the findings about the Trinity ransomware strain   show more ...

as well as the noted similarities between the Trinity and Venus ransomware strains. Uncovering Tactical and Technical Details of Trinity Ransomware CRIL researchers observed a new ransomware variant called Trinity, that employs common double extortion tactics such as exfiltrating data from victim's systems before encrypting them, and the intent to use both a support and leak site in their operations. The support site allows victims to upload sample files less than 2MB in size for decryption, while the leak site though currently empty, threatens to expose victim data. [caption id="attachment_68024" align="alignnone" width="940"] Source: Cyble Blog[/caption] Upon initial stages of the investigation, researchers observed similarities between the Trinity ransomware and the 2023Lock ransomware which has been active since early 2024. The deep similarities between the two variants such as identical ransom notes, and code suggest that Trinity might be a newer variant of the 2023Lock ransomware. Researchers noted an intricate execution process in the ransomware's operations such as a search for a ransom note within its binary file and immediately terminates if the file is unavailable. The ransomware collects system information such as the processor count, the pool of threads, and existing drives to prepare its multi-threaded encryption process. The ransomware then attempts privilege escalation by impersonating a legitimate process's token for its own usage, enabling the ransomware to bypass security measures. The ransomware deploys network enumeration activity along with lateral movement, demonstrating broad attack capability. [caption id="attachment_68025" align="alignnone" width="547"] Source: Cyble Blog[/caption] The Trinity variant employs the ChaCha20 algorithm to encrypt of victim files. After encryption, filenames are appended with “.trinitylock,” while ransom notes are left in both text and .hta formats in. The ransomware also modifies the desktop wallpaper to the ransomware note and uses a specific registry key to facilitate this change. Similarities Between Trinity Ransomware and Venus Ransomware The connections between Trinity and Venus go beyond mere similarities in their ransom notes and registry usage. Venus, an established ransomware operation with a global reach, emerged around mid-2022. The similarities between Venus and Trinity extend to their usage of identical registry values and consistency in their mutex naming conventions and code base. Additionally, the ransom notes used by both ransomware variants exhibit a similar format. The shared tactics and techniques indicate a possible collaboration between the two groups. This collaboration could lead to the exchange of techniques, tools, and infrastructure, amplifying the scale and sophistication of future ransomware campaigns. CRIL researchers have advised organizations to stay vigilant and implement robust cybersecurity measures to protect against these evolving threats. Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.

image for TCE Cyberwatch: Week ...

 Cybersecurity News

This week on TCE Cyberwatch we’re covering the different data breaches and vulnerabilities faced by different companies. Along with this, the rise of countries using AI and deepfake technology, some consensual and some not, adds depth to the conversation surrounding the security of it all. TCE Cyberwatch aims to   show more ...

bring updates around large-scale and small-scale events to ensure our readers stay updated and stay in the know of cybersecurity news that can impact them. Keep reading to learn about what’s currently trending in the industry. Dropbox Sign data breached; Customers authentication information Stolen Dropbox, a popular drive and file sharing service, revealed that they had recently faced a security breach which led to sensitive information being endangered. Specifically, Dropbox Sign, a service used to sign documents, was targeted. The data stolen was of Dropbox Sign users, which had information such as passwords, account settings, names, emails, and other authentication information. Rotation and generation of OAuth tokens and API keys are steps that have been taken by Dropbox to control fallout. Dropbox has assured that “from a technical perspective, Dropbox Sign’s infrastructure is largely separate from other Dropbox services. That said, we thoroughly investigated this risk and believe that this incident was isolated to Dropbox Sign infrastructure, and did not impact any other Dropbox products.” Read More Cyberattacks on organizations in the UAE claimed by Five Families Alliance member, Stormous Ransomware Stormous Ransomware has claimed responsibility for cyberattacks that have attacked several UAE entities. A ransomware group linked to the Five Families alliance which is known for targeting the UAE entities, Stormous Ransomware has targeted organisations like the Federal Authority for Nuclear Regulation (FANR); Kids.ae, the government’s digital platform for children; the Telecommunications and Digital Regulatory Authority (TDRA), and more. After announcing alleged responsibility for the attacks, the ransomware group demanded 150 BTCs, which comes to around $6.7 million USD. They had threatened to leak stolen data if the ransom was not paid. The organisations targeted by the group are yet to speak up about the situation and tensions are high due to the insurmountable damage these claims could cause. Read More Russian bitcoin cybercriminal pleads guilty in the U.S. after arrest in France Alexander Vinnik, a Russian cybercrime suspect, recently pleaded partially guilty to charges in the U.S. Previously arrested in Greece in 2017 on charges of money laundering of $4 billion through the digital currency bitcoin in France, Vinnik is now set to face a trial in California. Vinnik’s lawyer, Arkady Bukh, predicted that Vinnik could get a prison term of less than 10 years due to the plea bargain. The U.S. Department of Justice accused Vinnik of having "allegedly owned, operated, and administrated BTC-e, a significant cybercrime and online money laundering entity that allowed its users to trade in bitcoin with high levels of anonymity and developed a customer base heavily reliant on criminal activity." Read More Many Android apps on Google Play store now have vulnerabilities that infiltrate them Popular Android applications have faced a path traversal-affiliated vulnerability. Called the Dirty Stream attack, it can be exploited by one of these flagged applications leading to overwriting files. The Microsoft Threat Intelligence team stated that, “the implications of this vulnerability pattern include arbitrary code execution and token theft, depending on an application's implementation.” The apps who have faced this vulnerability are popular, with 500 million to 1 billion downloads. Exploitation would have led to the attacker having control of the app and being able to access the user’s data, like accounts used. Microsoft is worried about it being a bigger issue and has asked developers to focus on security to protect sensitive information. Read More Department of Social Welfare, Ladakh, in India, allegedly hacked, but no proof provided Recently, a threat actor had allegedly hacked the database of the Department of Social Welfare Ladakh, Government of India. Their claims, however, seemed to have no support. No information was disclosed from their side and no breaching of sorts was sensed on the department’s website. However, if the claims are true, the fallout is predicted to be very damaging. Investigations into the claims are currently happening. As no motive or even the authenticity has been confirmed, for the individuals whose data resides in the departments database and national security, it’s important to detect and respond in a swift manner as to preserve the nation’s cyber security. Read More U.K. military data breach endangers information of current, veteran military personnel The U.K. military faced a data breach where the information of serving UK military personnel was obtained. The attack was of Ministry of Defence’s payroll system and so information like names and bank details, sometimes addresses, were gathered. The hacker behind it was unknown until now but the Ministry has taken immediate action. The "personal HMRC-style information" of members in the Royal Navy, Army and Royal Air Force was targeted, some current and some past. The Ministry of Defence is currently providing support for the personnel whose information was exfiltrated, and this also requires informing veterans’ organisations. Defence Secretary Grant Shapps is expected to announce a "multi-point plan” when he updates the MPs on the attack. Read More India’s current election sees deepfakes, Prime Minister Modi calls for arrests of political parties responsible India’s current Prime Minister Modi has announced that fake videos of him and other leaders making “statements that we have never even thought of”, have been circulating. This election, with its new name of being India’s first AI election, has led to police investigations of opposition parties who have made these videos with Modi calling for arrests. Prior to this, investigations regarding fake videos of Bollywood actors criticising Modi were also taking place. However, in this situation, around nine people have been arrested - six of whom are members of Congress’ social media teams. Five of them have managed to be released on bail, but arrests of higher-ranking social media members have been made. There has been a trending tag #ReleaseArunReddy for Congress national social media co-ordinator, Arun Reddy, who had shared the fake videos. Germany and Poland accuse Russian Military Service of cyber-attacks Germany has come out stating that an attack on their Social Democratic Party last year was done by a threat group believed to be linked to Russian Military Services. German Foreign Minister Annalena Baerbock said at a news conference in Australia that APT28, a threat group also known as Fancy Bear, has been “unambiguously” confirmed to have been behind the cyberattack. Additionally, Poland has joined in support of Germany and said that they were targeted by ATP28 too. Poland has not revealed any details about the attack they faced but Germany shares that they are working to rebuild damage faced by it. Baerbock stated that, “it was a state-sponsored Russian cyber-attack on Germany, and this is absolutely intolerable and unacceptable and will have consequences.” Ukraine unveils new AI-generated foreign ministry spokesperson Ukraine has just revealed an AI spokesperson who has been generated to deliver official statements for the foreign ministry. The messages being delivered are written by humans, but the AI is set to deliver them, moving animatedly and presenting herself as an individual through introducing herself as Victoria Shi. Victoria is modelled based on a Ukrainian celebrity, Rosalie Nombre, who took part in her development and helped to model the AIs appearance and voice after her. Ukraine’s foreign minister has said that she was developed for “saving time and resources,” along with it being a “technological leap that no diplomatic service in the world has yet made.” Read More Singapore passes new amendment to their cybersecurity bill which regulates temporary, high-risk attacks A new amendment to Singapore’s Cybersecurity Law was made by its Parliament to keep up with the country’s evolving critical infrastructure and to adapt to technological advancements. The changes made regulate the Systems of Temporary Cybersecurity Concern (STCC), which encompass systems most vulnerable to attacks in a limited period. This means the Cyber Security Agency of Singapore (CSA) can oversee Entities of Special Cybersecurity Interest (ESCIs), due to their error disposition affecting the nation’s security as a whole. With the country’s defence, public health and safety, foreign relations, and economy in danger, the Bill is set to target critical national systems only, leaving businesses and such as they are. Read More Eurovision becomes susceptible to cyberattacks as the world’s largest music competition takes place during conflict The 68th Eurovision Song Contest is being held in Sweden, Malmö, this year due to current tensions surrounding conflicts like Israel and Gaza, and Russia and Ukraine. Security has been tightened as in 2019, hackers had infiltrated the online stream of the semi-finals in Israel by warning a missile strike and showed images of attacks in Tel Aviv, the host city. There are several reports about hackers hijacking the broadcast as over 167 million people tuned in to watch last year. The voting system can also be an issue with the finals coming up, but Malmö’s police chief claims to be more worried about disinformation. The spokesperson for the contest stated that “We are working closely with SVT's security team and the relevant authorities and expert partners to ensure we have the appropriate measures in place to protect from such risks.” Read More Wrap Up This week we’ve seen militaries and governments being cyber-attacked and that truly reminds us how interconnected everything is. If big organisations are vulnerable to attacks, then so are we. TCE Cyberwatch hopes that everyone stays vigilant in the current climate of increased cyberattack risks and ensure they stay protected and are on the lookout for any threats which could affect them. Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.

image for Hacktivist Group R00 ...

 Dark Web News

Hacktivist collective R00TK1T ISC CyberTeam has claimed responsibility for breaching the Ministry of Supply and Internal Trade in Egypt. The group's announcement, posted on their platform, boldly declares their successful infiltration into the ministry's systems, accompanied by purported evidence of their   show more ...

access to highly secure networks. This Ministry of Supply and Internal Trade breach claims come on the heels of previous announcements by R00TK1T ISC, including their intention to target the BreachForums and the subsequent closure of their official Telegram channel.  The group cited security considerations for their shift back to operating in secrecy, leaving their private data channel as the sole means of communication for their activities. Ministry of Supply and Internal Trade Breach Claims [caption id="attachment_68095" align="alignnone" width="212"] Source: X[/caption] The Cyber Express has tried reaching out to the Egyptian ministry to learn more about this alleged Ministry of Supply and Internal Trade data breach claims. However, efforts to verify the intrusion were hampered by communication difficulties, preventing direct contact with the ministry. As a result, the claims made by R00TK1T ISC remain unconfirmed. The website for the Ministry of Supply and Internal Trade seems to be operational at the moment and doesn’t show any immediate sign of the intrusion. The threat actor has shared several screenshots of the document pilfered through this intrusion.  Talking about the Ministry of Supply and Internal Trade breach in their post, the threat actor said, “We have successfully hacked into The Ministry of Supply and Internal Trade in Egypt, showcasing our deep infiltration into their systems.” R00TK1T ISC CyberTeam Hacking Spree Meanwhile, in a separate incident on January 30, 2024, R00TK1T ISC CyberTeam launched an attack on Malaysia's digital infrastructure, further highlighting the global reach and impact of such malicious activities. Their claim to have accessed sensitive information from prominent companies like L'Oreal and Qatar Airways highlights the sophistication and persistence of cyber threats faced by businesses worldwide. In Egypt, the corporate sector has witnessed a surge in ransomware attacks in recent weeks, posing a significant risk to businesses across various industries. This escalating threat necessitates urgent action to bolster cybersecurity measures and mitigate potential damages. Amid ongoing political and security challenges in the Middle East, Egyptian businesses remain prime targets for cyberattacks, with ransomware emerging as a prevalent threat. The consequences of such attacks, including data loss and reputational damage, highlight the critical need for better defense mechanisms to safeguard against cyber threats. Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.

image for Alleged Hosocongty D ...

 Dark Web News

A dark web hacker, known as "makishimaaaa," has recently advertised a significant data breach on the Nuovo BreachForums. The compromised data originates from Hosocongty, a prominent Vietnamese job search platform. According to makishimaaaa's post on May 12, 2024, the hacker claims to have exfiltrated a PII   show more ...

(Personally Identifiable Information) database from the Hosocongty data breach in 2024. The database, offered for sale at the price of $320, contains approximately 160,000 records. These records include sensitive information such as company names, passwords, contact details, and various other personal identifiers. Interested buyers are instructed to contact the hacker privately, with the option of using escrow systems for transactions. Hosocongty Data Breach Exposes Thousands of Job Seekers Hosocongty.vn, the affected platform, serves as a crucial link between job seekers and employers across Vietnam. Its rapid growth highlights its significance in the country's job market. However, this data breach raises concerns about the security and privacy of the platform's users. [caption id="attachment_68133" align="alignnone" width="1622"] Source: Dark Web[/caption] Makishimaaaa's relatively low ransom demand and status as a new member of the hacking forum suggest a developing situation. The hacker joined the platform in March 2024 and has since posted 38 times. This calculated move indicates a deliberate attempt to minimize suspicion while maximizing profits from the stolen data. The compromised database contains a wealth of personal information, including company details, contact numbers, email addresses, and more. Makishimaaaa emphasizes the quality and active rate of the data, reassuring potential buyers of its reliability. However, the ethical implications of purchasing stolen data remain a cause for concern. The Cyber Express has reached out to the recruitment firm to learn more about this Hosocongty data breach. However, at the time of writing this, no official statement or response has been released, leaving the claims for the Hosocongty data leak unverified.  Cyberattack on the Recruitment Sector The Hosocongty data breach is indicative of a broader trend of increasing cyberattack on the recruitment sector. In February 2024, Das Team Ag, a prominent job placement agency in Switzerland and Liechtenstein, fell victim to the Black Basta ransomware group, highlighting the vulnerability of recruitment platforms.  Cyber risks in the digital hiring process have intensified over the years, with cybercriminals targeting sites housing sensitive data, such as employment platforms. The surge in digitalization has exacerbated these threats, necessitating enhanced security measures across industries.  Polymorphic attacks, phishing, and malware are among the most prevalent cyber threats facing the recruitment sector, posing risks to both job seekers and companies. As such, users of Hosocongty are urged to exercise vigilance and implement necessary security measures to safeguard personal information.  This is an ongoing story and The Cyber Express will be closely monitoring the situation. We’ll update this post once we have more information on the Hosocongty data breach or any official confirmation from the Vietnamese job portal.  Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.

image for Australia Faces Unpr ...

 Dark Web News

Following Australia's vocal support for Ukraine, the nation finds itself targeted by a Cyber Army Russia Reborn cyberattack. The recent alleged Distributed Denial of Service (DDoS) attacks on Australian entities, including two prominent organizations in Australia — Auditco and Wavcabs. The DDoS attacks,   show more ...

orchestrated by Cyber Army Russia Reborn, seem to be a response to Australia's solidarity with Ukraine. While the precise motives behind these attacks remain unclear, the timing suggests a correlation between Australia's stance and the cyber onslaught. Cyber Army Russia Reborn Cyberattack Targets Australia [caption id="attachment_68069" align="alignnone" width="641"] Source: X[/caption] Wavcabs, a transportation service, and Auditco, an auditing company, were among the targets of these Cyber Army Russia Reborn cyberattacks. Wavcabs' online services were disrupted, with users encountering connection timeouts when attempting to access the website. Similarly, Auditco faced technical difficulties, as indicated by error code 522 on their site earlier.  [caption id="attachment_68071" align="alignnone" width="656"] Source: X[/caption] The Cyber Express has reached out to both organizations to learn more about this Cyber Army Russia Reborn cyberattack. Despite the severity of these cyber incidents, both Wavcabs and Auditco have not issued official statements regarding the attacks.  The lack of response leaves the claims of Cyber Army Russia Reborn's involvement unverified, highlighting the complexity of attributing cyberattacks to specific actors. Australia's Support for Ukraine These assaults on Australian companies occur as the nation reaffirms its support for Ukraine. The Albanese Government's commitment to aiding Ukraine was recently reinforced with a $100 million assistance package. Deputy Prime Minister and Minister for Defence, Richard Marles, revealed the assistance during a visit to Ukraine, where he witnessed firsthand the impact of Russia's aggression. Australia's $100 million aid package to Ukraine includes $50 million for military assistance, prioritizing Australian defense industry support for uncrewed aerial systems and essential equipment. Another $50 million is designated for short-range air defense systems, alongside the provision of air-to-ground precision munitions.  Amidst ongoing cyberattacks on Australia, the nation’s unwavering support for Ukraine highlights the complexities of modern warfare and the critical need for cybersecurity measures. This is an ongoing story and The Cyber Express will be closely monitoring the situation. We'll update this post once we have more information on these cyberattacks on Australian companies or any official confirmation from the listed organizations.  Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.

image for Hacker Offers Data A ...

 Cybersecurity News

An unidentified threat actor known as "pwns3c" has offered access to a database purported to contain sensitive data and documents from a City of New York data breach for sale on BreachForums. The City of New York website offers official digital representation of the city's government as well as access to   show more ...

related information such as alerts, 311 services, news, programs or events with the city. The claims made in the post, despite its alleged nature raises significant concerns about the extent of the data breach as well as the security practices followed by the government office. Alleged City of New York Data Breach Claimed to Include Sensitive Data The stolen database is allegedly stated to include 199 PDF files, approximately 70MB in size in total. The exposed data includes a wide range of personally identifiable information (PII), such as: Licensee Serial Number, Expiration Date, Applicant or Licensee Name, Trade Name, Street Address, City, Zip Code, Phone Number of Applicant, and Business Email of Applicant. Moreover, the data also reveals sensitive details about building owners, attorneys, and individuals, including their EIN, SSN, and signature. The threat actor is selling this sensitive information for a mere $30, and interested buyers are instructed to contact them through private messages within BreachForums or through their Telegram handle. The post seemingly includes links to download samples of the data allegedly stolen in the attack. [caption id="attachment_68084" align="alignnone" width="1872"] Source: BreachForums[/caption] The alleged data breach has far-reaching implications, as it puts the personal information of numerous individuals at risk. The leak of personally identifiable information (PII) and sensitive documents exposes individuals to potential risks of identity theft, fraud, and other malicious activities. The Cyber Express team has reached out to the New York City mayor's official press contact email for confirmation. However, no response has been received as of yet. pwns3c Earlier Claimed to have Hacked Virginia Department of Elections In an earlier post on BreachForums, pwns3c claimed an alleged data breach against the Virginia Department of Elections, compromising of at least 6,500 records. The earlier stolen data was also offered for USD 30 in Bitcoin (BTC), Litecoin (LTC), or Monero (XMR) on the dark web. The Virginia Department of Elections is responsible for providing and overseeing open and secure elections for the citizens of the Commonwealth of Virginia. It is responsible for voter registration, absentee voting, ballot access for candidates, campaign finance disclosure and voting equipment certification in coordination with about 133 of Virginia's local election offices. The compromised data was allegedly stated to have included sensitive information such as timestamps, usernames, election data, candidate information, and voting method details. However, there has been no official confirmation of the stated incident as of yet. The breaches claimed by pwns3c, despite their alleged nature highlight the persistent challenges of securing the websites of government institutions. The sensitive nature of the stolen data that may allegedly include Social Security Numbers (SSNs), contact information, election-related details, and signatures, underscores the urgency for government websites to strengthen their security measures. Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.

image for Christie’s Auction ...

 Cybersecurity News

Just days before its highly anticipated spring art auctions, Christie's, the renowned auction house, had fallen victim to a cyberattack, taking its website offline and raising concerns about the security of client data. The Christie's auction house cyberattack has sent shockwaves through the art world, with   show more ...

collectors, advisers, and dealers scrambling to adapt to the sudden disruption. Christie's is a British auction house founded in 1766 by James Christie, offering around 350 different auctions annually in over 80 categories, such as decorative and fine arts, jewelry, photographs, collectibles, and wine. The auction house has a global presence in 46 countries, with 10 salerooms worldwide, including London, New York, Paris, Geneva, Amsterdam, Hong Kong, and Shanghai. The company provided a temporary webpage after its official website was taken down and later notified that the auctions would proceed despite the setbacks caused by the cyberattack. Christie’s Auction House Cyberattack Occurs Ahead of Major Auctions [caption id="attachment_68140" align="alignnone" width="1000"] Source: Shutterstock[/caption] The cyberattack came at an inopportune time for Christie's, with several high-stakes auctions estimated at around $850 million in worth scheduled to take place in New York and Geneva. Art adviser Todd Levin highlighted the significance of the timing, expressing concern that the cyberattack was happening during a pivotal moment before the spring sales when buyers confirm their interest in artworks. He raised a pressing question: "How can potential bidders access the catalog?" The auctions will include works by Warhol, Basquiat, and Claude Monet, and pieces from the Rosa de la Cruz Collection, that are expected to generate hundreds of millions of dollars in revenue. Christie's website was taken offline following the hack which affected some of its systems. Despite the setback, Christie's has assured clients that the auctions will proceed as planned, with bidders able to participate in person, by phone, or through Christie's Live platform. Despite the hack, Christie's CEO Guillaume Cerutti assured clients that all eight live auctions in New York and Geneva would proceed as scheduled, with the exception of the Rare Watches sale, which was postponed to May 14th. In a statement, Cerutti elaborated: "I want to assure you that we are managing this incident according to our well-established protocols and practices, with the support of additional experts. This included, among other things, the proactive protection of our main website by taking it offline." Growing Cybersecurity Concerns in the Art World The incident is a sobering reminder of the increasing threat of cyberattacks in the art world. In recent years, several museums and art market platforms have fallen victim to hacking, highlighting the need for vigilance in protecting sensitive client information amidst slumbering sales. Earlier in January, a service provider managing the online collections of several prominent museums had been targeted, affecting institutions like The Museum of Fine Arts in Boston, the Rubin Museum of Art in New York, and the Crystal Bridges Museum of American Art. Last year in 2023, Christie's had another security incident come to light when it was discovered inadvertently exposing the GPS location and co-ordinates of several art pieces purchased by some of the world’s biggest and wealthiest collectors, revealing their exact whereabouts.  In 2017, hackers employed an email scam to intercept payments between dealers and clients, siphoning sums ranging from £10,000 to £1 million. These incidents underscore the art world's vulnerability to similar threats as the market becomes increasingly digital, auction houses and museums must take proactive steps to to invest in stronger defenses against a rapidly evolving cyber threat landscape and the risks it may pose to the art industry. Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.

image for CBSE Results 2024 Un ...

 Firewall Daily

As the Central Board of Secondary Education (CBSE) in India released the CBSE results 2024 for its class 10th and 12th examinations, a significant cybersecurity flaw was discovered on the official website. This vulnerability, identified by The Cyber Express, could potentially allow unauthorized individuals to view and   show more ...

alter students' examination results. The exams for Class 12 were held from February 15 to April 2, and for Class 10 from February 15 to March 13, conducted using traditional pen-and-paper methods where a total of 3,860,051 students appeared. Of these, 1,621,224 students participated in the Class 12 exams, while a significantly larger group of 2,238,827 students took the Class 10 exams. On Monday, students could access their results online by entering details such as their date of birth, roll code, and roll number. But the security loophole, discovered early this morning, could potentially lead to a massive CBSE data leak, affecting millions of students across India.  The vulnerability was first noticed early this morning when the results were supposed to be securely accessible to students and their families. The flaw on the CBSE website revolves around the exposure of administrative credentials and a technical misconfiguration in the SQL database system, specifically within a stored procedure called 'Getcbse10_All_2024'. To the average person, this might merely seem like a glitch, but it's a significant security flaw that provides an opportunity for malicious actors to manipulate and misuse crucial information, including outcomes. The ramifications are profound, as this vulnerability endangers the personal and academic data of countless students, potentially impacting their future opportunities. CBSE Results 2024: Student Data Risk Explained [caption id="attachment_68160" align="alignnone" width="2648"] The error message also includes connection string details, which are critical for connecting to the database but should never be exposed as they can lead to security risks.[/caption] The code message displayed on the website originates from a database query related to retrieving data concerning CBSE (Central Board of Secondary Education) Class 10 results for the year 2024. 'Getcbse10_All_2024' refers to a stored procedure in the database. A stored procedure is a prepared SQL code that you can save and reuse. In this case, it's likely a procedure intended to retrieve all data related to the CBSE Class 10 results for the year 2024. The procedure 'Getcbse10_All_2024' is expecting a parameter named '@admid', but it was not provided in the call to the procedure. The '@admid' likely stands for "Administrator ID" or a similar identifier that should be passed to the procedure to execute properly. The absence of this parameter means the procedure cannot run as intended, leading to an error. The error message also includes connection string details, which are critical for connecting to the database but should never be exposed as they can lead to security risks. provider=MSOLEDBSQL: This specifies the provider used for SQL Server. MSOLEDBSQL is a Microsoft OLE DB provider for SQL Server. server=10.***.10.***: This is the IP address of the server where the database is hosted. Knowing the server address can allow unauthorized users to attempt connections to the database. Database=****results**: This is the name of the database. Knowing the database name helps in directing queries and commands to the correct database. uid=cbseresults24; pwd=****************** : These are the credentials (username 'uid' and password 'pwd') used to authenticate to the database. With these credentials, an unauthorized user could potentially gain full access to the database, allowing them to view, modify, or delete data. Although the exposed data presents a significant risk, a researcher from the AI-powered threat intelligence platform, Cyble, noted that the threat potential is somewhat mitigated by incomplete information disclosure. “The IP address is internal and not public, which means that for a threat actor to extract information or gain access, they would need to engage in offensive actions like SQL injections or other methods. However, this does not diminish the seriousness of the exposed ID and password, which could still be exploited if the correct server address is discovered,” the researcher explained. The error message not only indicates a technical issue in the database query execution but also highlights a potential vulnerability. If exploited by an individual skilled in database management and privilege escalation, this vulnerability could allow unauthorized access to the database. Such unauthorized access could lead to various security risks, including data manipulation, deletion, or use for malicious purposes such as phishing or blackmail. Immediate steps should be taken to secure the database, which include changing the database credentials, reviewing logs to check for unauthorized access, and implementing better security practices like not exposing sensitive information in error messages or logs. Why CBSE Matters The Central Board of Secondary Education (CBSE) is a prominent national education board in India, overseeing both public and private schools. It is under the direct purview of the Ministry of Education, Government of India. The CBSE administers comprehensive examinations for students completing their 10th and 12th grades, which are crucial for advancing to higher education and professional pathways. The board is recognized for its rigorous curriculum and is influential in setting educational standards across the country. The Cyber Express has contacted officials at the Central Board of Secondary Education (CBSE) to notify them of a detected vulnerability. We inquired if they are aware of the issue, the causes of this glitch, and the steps they intend to take to address it. We are currently awaiting a response from the organization. Technical Aspect of the CBSE Data Exposure: Potential Risks The exposure of the admin database ID and password in the CBSE data leak opens up several potential risks. While none of these events have occurred, the exposure of such critical credentials could lead to severe consequences if not addressed promptly. 1. Unauthorized Access and Control: With the admin credentials exposed, there is a potential for unauthorized users to gain full access to the CBSE's SQL database. This would allow them to view, copy, and manipulate sensitive data, including examination results and student personal information. 2. Risk of Data Manipulation: The ability to alter data is a significant risk. Although no data has been reported as altered, the possibility exists. Unauthorized changes could include tampering with examination results or modifying student records, which could severely undermine the integrity of the CBSE's educational assessments. 3. Threat of Data Theft: The exposed credentials could potentially be used to access and extract sensitive information. This data, which could include personal details of students and staff, is at risk of being used for malicious purposes such as identity theft or fraud. 4. Potential for Operational Disruption: While no disruptions have occurred, the exposed credentials could be used to damage data integrity or lock out legitimate users, potentially causing significant disruptions to CBSE's operations and affecting educational activities. 5. Foundation for Further Attacks: The leak itself could facilitate further attacks. With administrative access, attackers could deploy additional malicious software, establish backdoors for continued access, or leverage the compromised database to launch attacks on connected systems. The situation remains fluid, and updates are expected as more information becomes available. Stay subscribed to The Cyber Express to learn more about the story as it proceeds. Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.

image for Human body pose reco ...

 Technology

To find a (honest) man, Diogenes famously used a lantern – the philosopher relied solely on optical recognition methods. Today, however, scientists suggest using Wi-Fi signals for this purpose. More specifically, the method developed by three researchers at Carnegie Mellon University uses the signal from an ordinary   show more ...

home Wi-Fi router to not only pinpoint a persons location in a room, but also to identify their pose. Why Wi-Fi? There are several reasons for this. Firstly, unlike optical recognition, radio signals work perfectly in the dark and arent hindered by small obstacles like furniture. Secondly, its cheap, which cant be said for lidars and radars – other tools that could potentially do the job. Thirdly, Wi-Fi is already ubiquitous – just reach out and grab it. But just how effective is this method? And what can you do with it? Lets dive in. DensePose: a method for recognizing human poses in images To get started, however, we need to back up a bit – first, we need to understand how to accurately recognize the human body and its poses in general. In 2018, another group of scientists presented a method called DensePose. They successfully used it to recognize human poses in photographs – that is, two-dimensional images with no additional data for depth. Heres how it works: first, the DensePose model searches for objects in the images that are recognized as human bodies. These objects are then segmented into distinct areas, each corresponding to a specific body part, and analyzed individually. This approach is used because body parts move very differently: for example, the head and torso behave very differently from the arms and legs. DensePose can accurately recognize the poses of human bodies in photographs and even create UV maps of their surfaces. Source As a result, the model has learned to correlate a 2D image with the 3D surface of the human body, obtaining not only image annotations corresponding to the recognized pose, but also a UV map of the body depicted in the photo. The latter makes it possible, for example, to overlay a texture on the image. Most impressively, this technique can accurately recognize the poses of multiple people in group photos, even those chaotic prom night pictures where people are huddled together and partially obstruct each other. DensePose accurately recognizes the positions of individual figures in group photos. Source Whats more, if the images presented in the paper and the videos published by the researchers are to be believed, the system can confidently handle even the most unusual body positions. For example, the neural network correctly identifies people on bicycles, motorcycles, and horseback, and also accurately determines the poses of baseball players, soccer players, and even breakdancers, who often move in unpredictable ways. The DensePose model works well even for highly unusual poses. Source Another advantage of DensePose is that it doesnt demand extraordinary computing power to work. Using a GeForce GTX 1080 – hardly a top-of-the-line graphics card, even at the time the study was published – DensePose captures 20-26 frames per second at a resolution of 240×320 and up to five frames per second at a resolution of 800×1100. DensePose over Wi-Fi: radio waves instead of photos Basically, the Carnegie Mellon researchers idea was to use the existing high-performance body recognition AI model, DensePose, but feed it Wi-Fi signals instead of photographs. For their experiment, they constructed the following setup: Two stands with standard TP-Link home routers, each equipped with three antennas: one served as a transmitter, the other as a receiver. The recognition scene positioned between these stands. A camera mounted on a stand next to the receiver router, capturing the same scene that the researchers were aiming to recognize using Wi-Fi signals. General diagram of the test bench for recognizing human poses using Wi-Fi. Source Next, they ran DensePose, which identified body positions using the camera installed next to the receiver router, and tasked it with training another neural network that worked with the Wi-Fi signal from the receiving router. This signal was preprocessed and modified for more reliable recognition – but these are minor details. The point is that the researchers were indeed able to create a new Wi-Fi-DensePose model that accurately reconstructs the spatial positions of human bodies using Wi-Fi signals. In good conditions, the model can recognize human poses very well. Source Limitations of the method However, lets not rush to write headlines like Scientists Learn to See Through Walls Using Wi-Fi just yet. First of all, the seeing here is quite abstract – the model doesnt actually see the human body, but can predict its location and pose with a certain probability based on indirect data. Visualizing anything with intricate detail using Wi-Fi signals is a complex challenge. This is demonstrated by another, similar study in which researchers experimented with objects much simpler than human bodies – and the results were, to put it mildly, far from ideal. Visualizing objects using a Wi-Fi signal: the less pronounced the edges, the worse it turns out. Source Its also important to note that the model built by the Carnegie Mellon University researchers is significantly less accurate than the original method of recognizing poses in photographs, and also exhibits quite serious hallucinations. The model has particular difficulty with unusual poses or scenes involving more than two people. The Wi-Fi-DensePose model does not do a good job of handling non-standard poses or large numbers of human bodies in a single scene. Source In addition, the test conditions in the study were meticulously controlled: a simple, well-defined geometry, a clear line of sight between the transmitter and receiver, minimal radio signal interference – the researchers set up everything so they could easily penetrate the scene with radio waves. This ideal scenario is unlikely to be replicated in the real world. So if youre worried about someone hacking into your Wi-Fi router and monitoring what you do at home, relax. If theres anything to be concerned about in your home, its household appliances. For example, smart pet feeders or even childrens toys have cameras, microphones, and cloud connectivity, while robot vacuum cleaners even have lidars that work flawlessly in the dark, as well as the ability to move around. And just outside, another spy is waiting for you – a four-wheeled one. In terms of the amount of information they collect, todays cars are miles ahead of smartwatches, smart speakers, and other everyday gadgets.

image for How Did Authorities ...

 A Little Sunshine

Last week, the United States joined the U.K. and Australia in sanctioning and charging a Russian man named Dmitry Yuryevich Khoroshev as the leader of the infamous LockBit ransomware group. LockBit’s leader “LockBitSupp” claims the feds named the wrong guy, saying the charges don’t explain how   show more ...

they connected him to Khoroshev. This post examines the activities of Khoroshev’s many alter egos on the cybercrime forums, and tracks the career of a gifted malware author who has written and sold malicious code for the past 14 years. Dmitry Yuryevich Khoroshev. Image: treasury.gov. On May 7, the U.S. Department of Justice indicted Khoroshev on 26 criminal counts, including extortion, wire fraud, and conspiracy. The government alleges Khoroshev created, sold and used the LockBit ransomware strain to personally extort more than $100 million from hundreds of victim organizations, and that LockBit as a group extorted roughly half a billion dollars over four years. Federal investigators say Khoroshev ran LockBit as a “ransomware-as-a-service” operation, wherein he kept 20 percent of any ransom amount paid by a victim organization infected with his code, with the remaining 80 percent of the payment going to LockBit affiliates responsible for spreading the malware. Financial sanctions levied against Khoroshev by the U.S. Department of the Treasury listed his known email and street address (in Voronezh, in southwest Russia), passport number, and even his tax ID number (hello, Russian tax authorities). The Treasury filing says Khoroshev used the emails sitedev5@yandex.ru, and khoroshev1@icloud.com. According to DomainTools.com, the address sitedev5@yandex.ru was used to register at least six domains, including a Russian business registered in Khoroshev’s name called tkaner.com, which is a blog about clothing and fabrics. A search at the breach-tracking service Constella Intelligence on the phone number in Tkaner’s registration records  — 7.9521020220 — brings up multiple official Russian government documents listing the number’s owner as Dmitri Yurievich Khoroshev. Another domain registered to that phone number was stairwell[.]ru, which at one point advertised the sale of wooden staircases. Constella finds that the email addresses webmaster@stairwell.ru and admin@stairwell.ru used the password 225948. DomainTools reports that stairwell.ru for several years included the registrant’s name as “Dmitrij Ju Horoshev,” and the email address pin@darktower.su. According to Constella, this email address was used in 2010 to register an account for a Dmitry Yurievich Khoroshev from Voronezh, Russia at the hosting provider firstvds.ru. Image: Shutterstock. Cyber intelligence firm Intel 471 finds that pin@darktower.ru was used by a Russian-speaking member called Pin on the English-language cybercrime forum Opensc. Pin was active on Opensc around March 2012, and authored 13 posts that mostly concerned data encryption issues, or how to fix bugs in code. Other posts concerned custom code Pin claimed to have written that would bypass memory protections on Windows XP and Windows 7 systems, and inject malware into memory space normally allocated to trusted applications on a Windows machine. Pin also was active at that same time on the Russian-language security forum Antichat, where they told fellow forum members to contact them at the ICQ instant messenger number 669316. NEROWOLFE A search on the ICQ number 669316 at Intel 471 shows that in April 2011, a user by the name NeroWolfe joined the Russian cybercrime forum Zloy using the email address d.horoshev@gmail.com, and from an Internet address in Voronezh, RU. Constella finds the same password tied to webmaster@stairwell.ru (225948) was used by the email address 3k@xakep.ru, which Intel 471 says was registered to more than a dozen NeroWolfe accounts across just as many Russian cybercrime forums between 2011 and 2015. NeroWolfe’s introductory post to the forum Verified in Oct. 2011 said he was a system administrator and C++ coder. “Installing SpyEYE, ZeuS, any DDoS and spam admin panels,” NeroWolfe wrote. This user said they specialize in developing malware, creating computer worms, and crafting new ways to hijack Web browsers. “I can provide my portfolio on request,” NeroWolfe wrote. “P.S. I don’t modify someone else’s code or work with someone else’s frameworks.” In April 2013, NeroWolfe wrote in a private message to another Verified forum user that he was selling a malware “loader” program that could bypass all of the security protections on Windows XP and Windows 7. “The access to the network is slightly restricted,” NeroWolfe said of the loader, which he was selling for $5,000. “You won’t manage to bind a port. However, it’s quite possible to send data. The code is written in C.” In an October 2013 discussion on the cybercrime forum Exploit, NeroWolfe weighed in on the karmic ramifications of ransomware. At the time, ransomware-as-a-service didn’t exist yet, and many members of Exploit were still making good money from “lockers,” relatively crude programs that locked the user out of their system until they agreed to make a small payment (usually a few hundred dollars via prepaid Green Dot cards). Lockers, which presaged the coming ransomware scourge, were generally viewed by the Russian-speaking cybercrime forums as harmless moneymaking opportunities, because they usually didn’t seek to harm the host computer or endanger files on the system. Also, there were still plenty of locker programs that aspiring cybercriminals could either buy or rent to make a steady income. NeroWolfe reminded forum denizens that they were just as vulnerable to ransomware attacks as their would-be victims, and that what goes around comes around. “Guys, do you have a conscience?,” NeroWolfe wrote. “Okay, lockers, network gopstop aka business in Russian. The last thing was always squeezed out of the suckers. But encoders, no one is protected from them, including the local audience.” If Khoroshev was ever worried that someone outside of Russia might be able to connect his early hacker handles to his real life persona, that’s not clear from reviewing his history online. In fact, the same email address tied to so many of NeroWolfe’s accounts on the forums — 3k@xakep.ru — was used in 2011 to create an account for a Dmitry Yurevich Khoroshev on the Russian social media network Vkontakte. NeroWolfe seems to have abandoned all of his forum accounts sometime in 2016. In November 2016, an exploit[.]ru member filed an official complaint against NeroWolfe, saying NeroWolfe had been paid $2,000 to produce custom code but never finished the project and vanished. It’s unclear what happened to NeroWolfe or to Khoroshev during this time. Maybe he got arrested, or some close associates did. Perhaps he just decided it was time to lay low and hit the reset on his operational security efforts, given his past failures in this regard. It’s also possible NeroWolfe landed a real job somewhere for a few years, fathered a child, and/or had to put his cybercrime career on hold. PUTINKRAB Or perhaps Khoroshev saw the coming ransomware industry for the endless pot of gold that it was about to become, and then dedicated himself to working on custom ransomware code. That’s what the government believes. The indictment against Khoroshev says he used the hacker nickname Putinkrab, and Intel 471 says this corresponds to a username that was first registered across three major Russian cybercrime forums in early 2019. KrebsOnSecurity could find no obvious connections between Putinkrab and any of Khoroshev’s older identities. However, if Putinkrab was Khoroshev, he would have learned from his past mistakes and started fresh with a new identity (which he did). But also, it is likely the government hasn’t shared all of the intelligence it has collected against him (more on that in a bit). Putinkrab’s first posts on the Russian cybercrime forums XSS, Exploit and UFOLabs saw this user selling ransomware source code written in C. A machine-translated ad for ransomware source code from Putinkrab on the Russian language cybercrime forum UFOlabs in 2019. Image: Ke-la.com. In April 2019, Putkinkrab offered an affiliate program that would run on top of his custom-made ransomware code. “I want to work for a share of the ransoms: 20/80,” Putinkrab wrote on Exploit. “20 percent is my percentage for the work, you get 80% of the ransoms. The percentage can be reduced up to 10/90 if the volumes are good. But now, temporarily, until the service is fully automated, we are working using a different algorithm.” Throughout the summer of 2019, Putinkrab posted multiple updates to Exploit about new features being added to his ransomware strain, as well as novel evasion techniques to avoid detection by security tools. He also told forum members he was looking for investors for a new ransomware project based on his code. In response to an Exploit member who complained that the security industry was making it harder to profit from ransomware, Putinkrab said that was because so many cybercriminals were relying on crappy ransomware code. “The vast majority of top antiviruses have acquired behavioral analysis, which blocks 95% of crypto-lockers at their root,” Putinkrab wrote. “Cryptolockers made a lot of noise in the press, but lazy system administrators don’t make backups after that. The vast majority of cryptolockers are written by people who have little understanding of cryptography. Therefore, decryptors appear on the Internet, and with them the hope that files can be decrypted without paying a ransom. They just sit and wait. Contact with the owner of the key is lost over time.” Putinkrab said he had every confidence his ransomware code was a game-changer, and a huge money machine. “The game is just gaining momentum,” Putinkrab wrote. “Weak players lose and are eliminated.” The rest of his response was structured like a poem: “In this world, the strongest survive. Our life is just a struggle. The winner will be the smartest, Who has his head on his shoulders.” Putinkrab’s final post came on August 23, 2019. The Justice Department says the LockBit ransomware affiliate program was officially launched five months later. From there on out, the government says, Khoroshev adopted the persona of LockBitSupp. In his introductory post on Exploit, LockBit’s mastermind said the ransomware strain had been in development since September 2019. The original LockBit malware was written in C (a language that NeroWolfe excelled at). Here’s the original description of LockBit, from its maker: “The software is written in C and Assembler; encryption is performed through the I/O Completion Port; there is a port scanning local networks and an option to find all DFS, SMB, WebDAV network shares, an admin panel in Tor, automatic test decryption; a decryption tool is provided; there is a chat with Push notifications, a Jabber bot that forwards correspondence and an option to terminate services/processes in line which prevent the ransomware from opening files at a certain moment. The ransomware sets file permissions and removes blocking attributes, deletes shadow copies, clears logs and mounts hidden partitions; there is an option to drag-and-drop files/folders and a console/hidden mode. The ransomware encrypts files in parts in various places: the larger the file size, the more parts there are. The algorithms used are AES + RSA. You are the one who determines the ransom amount after communicating with the victim. The ransom paid in any currency that suits you will be transferred to your wallets. The Jabber bot serves as an admin panel and is used for banning, providing decryption tools, chatting – Jabber is used for absolutely everything.” CONCLUSION Does the above timeline prove that NeroWolfe/Khoroshev is LockBitSupp? No. However, it does indicate Khoroshev was for many years deeply invested in countless schemes involving botnets, stolen data, and malware he wrote that others used to great effect. NeroWolfe’s many private messages from fellow forum members confirm this. NeroWolfe’s specialty was creating custom code that employed novel stealth and evasion techniques, and he was always quick to volunteer his services on the forums whenever anyone was looking help on a malware project that called for a strong C or C++ programmer. Someone with those qualifications — as well as demonstrated mastery of data encryption and decryption techniques — would have been in great demand by the ransomware-as-a-service industry that took off at around the same time NeroWolfe vanished from the forums. Someone like that who is near or at the top of their game vis-a-vis their peers does not simply walk away from that level of influence, community status, and potential income stream unless forced to do so by circumstances beyond their immediate control. It’s important to note that Putinkrab didn’t just materialize out of thin air in 2019 — suddenly endowed with knowledge about how to write advanced, stealthy ransomware strains. That knowledge clearly came from someone who’d already had years of experience building and deploying ransomware strains against real-life victim organizations. Thus, whoever Putinkrab was before they adopted that moniker, it’s a safe bet they were involved in the development and use of earlier, highly successful ransomware strains. One strong possible candidate is Cerber ransomware, the most popular and effective affiliate program operating between early 2016 and mid-2017. Cerber thrived because it emerged as an early mover in the market for ransomware-as-a-service offerings. In February 2024, the FBI seized LockBit’s cybercrime infrastructure on the dark web, following an apparently lengthy infiltration of the group’s operations. The United States has already indicted and sanctioned at least five other alleged LockBit ringleaders or affiliates, so presumably the feds have been able to draw additional resources from those investigations. Also, it seems likely that the three national intelligence agencies involved in bringing these charges are not showing all of their cards. For example, the Treasury documents on Khoroshev mention a single cryptocurrency address, and yet experts interviewed for this story say there are no obvious clues connecting this address to Khoroshev or Putinkrab. But given that LockBitSupp has been actively involved in Lockbit ransomware attacks against organizations for four years now, the government almost certainly has an extensive list of the LockBit leader’s various cryptocurrency addresses — and probably even his bank accounts in Russia. And no doubt the money trail from some of those transactions was traceable to its ultimate beneficiary (or close enough). Not long after Khoroshev was charged as the leader of LockBit, a number of open-source intelligence accounts on Telegram began extending the information released by the Treasury Department. Within hours, these sleuths had unearthed more than a dozen credit card accounts used by Khoroshev over the past decade, as well as his various bank account numbers in Russia. The point is, this post is based on data that’s available to and verifiable by KrebsOnSecurity. Woodward & Bernstein’s source in the Watergate investigation — Deep Throat — famously told the two reporters to “follow the money.” This is always excellent advice. But these days, that can be a lot easier said than done — especially with people who a) do not wish to be found, and b) don’t exactly file annual reports.

 Expert Blogs and Opinion

Cybersecurity experts at the RSA Conference highlighted the growing sophistication of cyber threats, including the expanding attack surface, identity-based attacks leveraging AI-generated deepfakes, and the use of generative AI to create malware.

 Geopolitical, Terrorism

Security researchers have discovered a major new Russian disinformation campaign using generative AI (GenAI) to “plagiarize and weaponize” content from major news organizations, in a bid to influence Western voters.

 Malware and Vulnerabilities

The malicious package, called "requests-darwin-lite", was a fork of the popular "requests" Python package. The attacker used the cmdclass feature in the setup.py file to customize the package installation process.

 Security Products & Services

Nmap 7.95 introduces a substantial update with 336 new signatures, expanding the total to 6,036. Notable additions include support for the latest iOS versions 15 & 16, macOS Ventura & Monterey, Linux 6.1, OpenBSD 7.1, and lwIP 2.2.

 Geopolitical, Terrorism

Biden administration officials lowered expectations about the discussions during a call with reporters, saying the talks were "not focused on promoting any technical cooperation" between the two world superpowers on AI or emerging technologies.

 Feed

Debian Linux Security Advisory 5688-1 - It was discovered that missing input sanitising in the Atril document viewer could result in writing arbitrary files in the users home directory if a malformed epub document is opened.

 Feed

Debian Linux Security Advisory 5687-1 - A security issue was discovered in Chromium, which could result in the execution of arbitrary code, denial of service or information disclosure. Google is aware that an exploit for CVE-2024-4671 exists in the wild.

 Feed

This Metasploit module abuses a feature of the sudo command on Progress Kemp LoadMaster. Certain binary files are allowed to automatically elevate with the sudo command. This is based off of the file name. Some files have this permission are not write-protected from the default bal user. As such, if the file is   show more ...

overwritten with an arbitrary file, it will still auto-elevate. This module overwrites the /bin/loadkeys file with another executable.

 Feed

Gentoo Linux Security Advisory 202405-32 - Multiple vulnerabilities have been discovered in Mozilla Thunderbird, the worst of which could lead to remote code execution. Versions greater than or equal to 115.10.0 are affected.

 Feed

Red Hat Security Advisory 2024-2822-03 - An update for the squid:4 module is now available for Red Hat Enterprise Linux 8.8 Extended Update Support. Issues addressed include a denial of service vulnerability.

 Feed

Red Hat Security Advisory 2024-2821-03 - An update for bind and dhcp is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Telecommunications Update Service, and Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions.

 Feed

Red Hat Security Advisory 2024-2817-03 - An update is now available for Red Hat OpenShift GitOps v1.10.5 for Argo CD UI and Console Plugin. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link in the References section.

 Feed

Red Hat Security Advisory 2024-2816-03 - An update is now available for Red Hat OpenShift GitOps v1.12.2 for Argo CD UI and Console Plugin. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link in the References section.

 Feed

Red Hat Security Advisory 2024-2815-03 - An update is now available for Red Hat OpenShift GitOps v1.11.4 for Argo CD UI and Console Plugin. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link in the References section.

 Feed

In mmu_insert_pages_no_flush(), when a HUGE_HEAD page is mapped to a 2M aligned GPU address, this is done by creating an Address Translation Entry (ATE) at MIDGARD_MMU_LEVEL(2) (in other words, an ATE covering 2M of memory is created). This is wrong because it assumes that at least 2M of memory should be mapped.   show more ...

mmu_insert_pages_no_flush() can be called in cases where less than that should be mapped, for example when creating a short alias of a big native allocation. Later, when kbase_mmu_teardown_pgd_pages() tries to tear down this region, it will detect that unmapping a subsection of a 2M ATE is not possible and write a log message complaining about this, but then proceed as if everything was fine while leaving the ATE intact. This means the higher-level code will proceed to free the referenced physical memory while the ATE still points to it.

 Feed

Cybersecurity researchers have identified a malicious Python package that purports to be an offshoot of the popular requests library and has been found concealing a Golang-version of the Sliver command-and-control (C2) framework within a PNG image of the project's logo.  The package employing this steganographic trickery is requests-darwin-lite, which has been

 Feed

With the browser becoming the most prevalent workspace in the enterprise, it is also turning into a popular attack vector for cyber attackers. From account takeovers to malicious extensions to phishing attacks, the browser is a means for stealing sensitive data and accessing organizational systems. Security leaders who are planning their security architecture

 Feed

In the last decade, there has been a growing disconnect between front-line analysts and senior management in IT and Cybersecurity. Well-documented challenges facing modern analysts revolve around a high volume of alerts, false positives, poor visibility of technical environments, and analysts spending too much time on manual tasks. The Impact of Alert Fatigue and False Positives  Analysts

 Feed

Cybersecurity researchers have disclosed multiple security flaws in Cinterion cellular modems that could be potentially exploited by threat actors to access sensitive information and achieve code execution. "These vulnerabilities include critical flaws that permit remote code execution and unauthorized privilege escalation, posing substantial risks to integral communication networks and IoT

 Feed

The Black Basta ransomware-as-a-service (RaaS) operation has targeted more than 500 private industry and critical infrastructure entities in North America, Europe, and Australia since its emergence in April 2022. In a joint advisory published by the Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), the Department of Health and Human Services (HHS

 Feed

The MITRE Corporation has officially made available a new threat-modeling framework called EMB3D for makers of embedded devices used in critical infrastructure environments. "The model provides a cultivated knowledge base of cyber threats to embedded devices, providing a common understanding of these threats with the security mechanisms required to mitigate them," the non-profit said

2024-05
Aggregator history
Monday, May 13
WED
THU
FRI
SAT
SUN
MON
TUE
MayJuneJuly