Cyber security aggregate rss news



 Cybersecurity News

This May, the cybersecurity industry converges on Dubai, where The Cyber Express will host the third edition of the World CyberCon META Edition 2024. Scheduled for May 23, 2024, at Habtoor Palace Dubai, the one-day event is built around sessions that address current challenges and innovations in cybersecurity.

This year's theme, "Securing Middle East's Digital Future: Challenges and Solutions," frames a gathering aimed at professionals navigating the regional cybersecurity landscape.

The World CyberCon META Edition will feature more than 40 Chief Information Security Officers (CISOs) and other cybersecurity leaders sharing insights and strategies. Notable speakers include:

Sithembile (Nkosi) Songo, CISO, ESKOM
Dina Alsalamen, VP, Head of Cyber and Information Security Department, Bank ABC
Anoop Kumar, Head of Information Security Governance Risk & Compliance, Gulf News
Irene Corpuz, Cyber Policy Expert, Dubai Government Entity, Board Member, and Co-Founder, Women in Cyber Security Middle East (WiCSME)
Abhilash Radhadevi, Head of Cybersecurity, OQ Trading
Ahmed Nabil Mahmoud, Head of Cyber Defense and Security Operations, Abu Dhabi Islamic Bank

[Figure: Highlights from the 2023 World CyberCon in Mumbai.]

A Comprehensive Platform for Learning & Innovation

The agenda ranges from national cybersecurity strategy to threat intelligence and defense against advanced threats. Sessions include:

Securing a Digital UAE: National Cybersecurity Strategy
Predictive Cyber Threat Intelligence: Anticipating Tomorrow's Attacks Today
Navigating the Cyber Threat Terrain: Unveiling Innovative Approaches to Cyber Risk Scoring
Fortifying Against Ransomware: Robust Strategies for Prevention, Mitigation, and Swift Recovery
Strategic Investments in Cybersecurity: Leveraging AI and ML for Enhanced Threat Detection

Who Should Attend?

The World CyberCon META Edition 2024 is aimed at CISOs, CIOs, CTOs, security auditors, heads of IT, cybercrime specialists, and network engineers. It is an opportunity for anyone invested in the future of internet safety to gain insights, build connections, and explore new business avenues.

Engage and Network

In addition to the knowledge sessions, the conference will feature interactive workshops, an exhibition zone, and networking opportunities. The event will also recognize the contributions of cybersecurity professionals.

Secure Your Place

Reserve your spot at World CyberCon META Edition 2024 at https://thecyberexpress.com/cyber-security-events/world-cybercon-3rd-edition-meta/.

More Information

For details on sponsorship opportunities and delegate passes, contact Ashish Jaiswal at ashish.j@thecyberexpress.com.

About The Cyber Express

TheCyberExpress.com is a source for cybersecurity news, insights, and resources, dedicated to helping readers protect their digital assets. Join us in shaping the digital future at World CyberCon META Edition 2024 in Dubai.


 Cybersecurity News

Hackers exploited an unpatched vulnerability in a remote access server in the Helsinki Education Division data breach, gaining access to records of some 80,000 students, their guardians, and all administrative personnel. The City of Helsinki detected the breach on April 30 and promptly opened an investigation, which found that the hacker had gained access to student and personnel usernames and email addresses.

Hannu Heikkinen, the chief digital officer of the City of Helsinki, said in a Monday press conference, "Further investigation has shown that the perpetrator has gained access to the usernames and email addresses of all city personnel, as well as the personal IDs and addresses of students, guardians and personnel from the Education Division." "Additionally, the perpetrator has also gained access to content on network drives belonging to the Education Division," Heikkinen said.

"This is a very serious data breach, with possible, unfortunate consequences for our customers and personnel," said City Manager Jukka-Pekka Ujula. "We regret this situation deeply."

Helsinki Education Division Data Breach Linked to Remote Access Bug

The preliminary investigation found that the breach was possible because of a vulnerability in a remote access server. "The server had a vulnerability which the culprit was able to exploit to connect to the Education Division network." The city did not name the remote access product but said a hotfix was available at the time of exploitation; why it had not been installed on the server is currently unknown. "Our security update and device maintenance controls and procedures have been insufficient," said Heikkinen.

The breach touched an extensive group of people. According to the city, most of the network drive data, comprising tens of millions of files, contains non-identifying information or ordinary personal data, which limits the potential for abuse. However, some files include confidential or sensitive personal data: fees for early childhood education customers; children's status information such as information requests by student welfare, records of the need for special support, and medical certificates regarding the suspension of studies for upper secondary students; and sick leave records of Education Division personnel. The breach also covers historical customer and personnel data, so even someone who is no longer a customer or a member of staff at the Education Division may have had their data accessed.

"Considering the number of users in the city's services now and in previous years, in the worst case, this data breach affects over 80,000 students and their guardians," Ujula said. Satu Järvenkallas, executive director of the Education Division, said the authorities are currently unable to provide an accurate assessment of what data the hacker may have accessed, as "the volume of data under investigation is significant."

VPN Gateways, Network Edge Devices Need 'Special Attention'

City officials notified the Data Protection Ombudsman, the Finnish Police, and Traficom's National Cyber Security Centre (NCSC-FI) immediately after discovering the breach. The cybersecurity center acknowledged the notification and said it was supporting the City of Helsinki in investigating the case. "The data breach that targeted the City of Helsinki is exceptionally large for its size in the municipal sector. The case affects many Finns and causes great concern," it said on X (formerly Twitter).

Critical vulnerabilities in network edge devices like this one put organizations at risk, the NCSC-FI said. By exploiting vulnerabilities in VPN products that are meant to establish secure remote connections, outsiders can reach an organization's internal networks, "especially if other measures to limit the attack are not in use," it added.

"Severe and easy-to-exploit vulnerabilities have been detected in the network edge devices of many major device manufacturers, such as VPN gateways, in the past six months," said Samuli Bergström, the director of the cybersecurity center. "That is why it is important that special attention is paid to resources and expertise in organizations."

A recent example of such VPN appliance abuse is the zero-day exploitation of Ivanti Connect Secure (formerly Pulse Secure) and Ivanti Policy Secure gateways. Chinese state-backed hackers chained two zero-day vulnerabilities in these products, an authentication bypass (CVE-2023-46805) and a command injection flaw (CVE-2024-21887), to compromise several organizations, including MITRE. The Helsinki case follows the same pattern: an internet-facing remote access server with a known, fixable weakness that nobody patched.

"Reaction to the data breach has been quick and all the necessary resources are being and will be used on protective measures. This is the highest priority for the city's senior management," Ujula said. "After the breach, we have taken measures to ensure that a similar breach is no longer possible," Heikkinen added. "We have not discovered evidence that the perpetrator would have accessed the networks or data of other divisions. However, we are monitoring all City of Helsinki networks closely."

Information for affected individuals is available via the Traficom Cybersecurity Centre website, the data breach customer service, crisis emergency services, and MIELI Mental Health Finland.

Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.


 Cybersecurity News

The field of artificial intelligence is evolving rapidly, and OpenAI's ChatGPT is a leader in that shift. Just 18 months after ChatGPT's initial launch, OpenAI has released a major update, GPT-4o, that widens the gap between OpenAI and competitors such as Google. OpenAI unveiled GPT-4o, with the "o" standing for "omni," during a live stream earlier this week. Here is a breakdown of its key features, followed by the security concerns around it.

Features of GPT-4o

Enhanced speed and multimodality: GPT-4o runs faster than its predecessors and processes written text, audio, and visual input, which allows more comprehensive and natural interactions.

Free tier expansion: OpenAI is offering some GPT-4o features to free-tier users, including access to web-based information during conversations, discussing images, uploading files, and using enterprise-grade data analysis tools (with limits). Paid users keep a wider range of functionality.

Improved user experience: The blog post accompanying the announcement shows GPT-4o generating convincingly realistic laughter, which may push the boundaries of the uncanny valley and drive adoption, and interpreting visual input well enough to recognize a sport on television and explain its rules.

Despite the new capabilities, the potential for misuse of ChatGPT continues to grow. The new version, though described as safer than its predecessors, can still be abused by criminals and ransomware groups. OpenAI addressed these concerns in a detailed post on the safety measures implemented in GPT-4o.

Security Concerns Surround ChatGPT 4o

The implications of ChatGPT for cybersecurity have been a hot topic among security leaders and experts, many of whom worry that the software is easy to misuse. Since its launch in November 2022, organizations including Amazon, JPMorgan Chase & Co., Bank of America, Citigroup, Deutsche Bank, Goldman Sachs, Wells Fargo, and Verizon have restricted or blocked use of the program, citing security concerns. In April 2023, Italy's data protection authority temporarily blocked ChatGPT over concerns about how OpenAI collected and processed user data, making Italy the first Western country to do so. These concerns are not unfounded.

OpenAI Assures Safety

OpenAI says GPT-4o has "new safety systems to provide guardrails on voice outputs," plus extensive post-training and filtering of the training data to keep ChatGPT from producing inappropriate or unsafe output. GPT-4o was built in accordance with OpenAI's internal Preparedness Framework and its voluntary commitments, and more than 70 external researchers red teamed the model before release. In an article on its official website, OpenAI states that its cybersecurity evaluations do not score above "medium risk."

"GPT-4o has safety built-in by design across modalities, through techniques such as filtering training data and refining the model's behavior through post-training. We have also created new safety systems to provide guardrails on voice outputs. Our evaluations of cybersecurity, CBRN, persuasion, and model autonomy show that GPT-4o does not score above Medium risk in any of these categories," the post said. "This assessment involved running a suite of automated and human evaluations throughout the model training process. We tested both pre-safety-mitigation and post-safety-mitigation versions of the model, using custom fine-tuning and prompts, to better elicit model capabilities," it added.

OpenAI also described the external red teaming in more detail. "GPT-4o has also undergone extensive external red teaming with 70+ external experts in domains such as social psychology, bias and fairness, and misinformation to identify risks that are introduced or amplified by the newly added modalities. We used these learnings to build out our safety interventions in order to improve the safety of interacting with GPT-4o. We will continue to mitigate new risks as they're discovered," it said.


 Dark Web News

The IntelBroker hacker has allegedly leaked a database belonging to the National Parent Teacher Association (PTA), a cornerstone of child advocacy in America since its founding in 1897. The breach itself reportedly occurred in March; the threat actor posted the data on May 13, 2024. Over 70,000 records of registered users, containing a range of sensitive data, were reportedly compromised. The leaked data, disclosed on nuovo BreachForums, includes everything from personal identifiers to financial details.

Dark Web Hacker Discloses National Parent Teacher Association Breach

Among the exposed data are insurance-related data, college information, client lists, medical insurance records, and payment information. If genuine, this PTA data breach threatens the privacy and security of the individuals involved and raises concerns about how such sensitive information could be misused.

[Figure: Source: X]

The impact of the breach extends beyond the PTA itself to individuals across the United States. With PTA.org being the organization's primary platform for engagement, the breach, if true, could have severe consequences.

The post on BreachForums by IntelBroker, titled "Parent Teacher Association Database, Leaked - Download!" and timestamped May 13, 2024, gives some insight into the extent of the breach. The threat actor claims responsibility alongside an entity named GodLike. The data dump shared by IntelBroker reveals identifiers, addresses, contact information, and policy-related data.

Cyberattack on Educational Institutions

The Cyber Express reached out to the National Parent Teacher Association for clarification and a response regarding the breach. At the time of writing, no official statement has been received.

This is not the first time a student-centric organization has been targeted. Educational institutions, from K-12 schools to universities, hold vast amounts of personal data, which makes them prime targets. The educational sector saw a 258% surge in incidents in 2023, with 1,537 confirmed data disclosures, many attributed to vulnerabilities such as the MOVEit flaw. Ransomware remains the major external threat, while internal risks stem from uninformed users and overworked staff. Attacks are primarily financially motivated and exploit the emotionally fraught nature of personal data exposure. Common attack types include data breaches, ransomware, BEC, DDoS, and network intrusions. Recent high-profile attacks on the University of Manchester and the University of California highlight the urgent need for stronger cybersecurity measures in education.


 Dark Web News

A threat actor using the alias qpwomsx has claimed responsibility for an alleged data breach affecting the popular Indian online shopping platform Meesho. The legitimacy of the claim is in doubt, however: the threat actor appears to have reposted data from 2020 and only joined the forum in May 2024, which raises questions about their credibility.

On Nuovo BreachForums, qpwomsx displayed what they claimed was a Meesho database, presenting snippets of data as proof. The excerpts, which included names, email addresses, and phone numbers, initially raised concerns. On closer examination, though, the sample records turned out to be identical to records from the 2020 IndiaMART database leak, which affected about 38 million user records. That discovery casts significant doubt on qpwomsx's claims about a Meesho data breach.

Unconfirmed Meesho Data Breach Surfaces on Dark Web

[Figure: Source: Dark Web]

The discrepancies did not end there. The Cyber Express analyzed the claims further and found inconsistencies within the data itself, specifically mismatches between names and their associated phone numbers. Given qpwomsx's brief tenure on the forum and these credibility issues, establishing the authenticity of the alleged Meesho breach is difficult. At the same time, the picture is not clear-cut: the majority of the email addresses in the sample are valid and deliverable, and the data appears to be a compilation of personal information belonging to individuals based predominantly in India. Alongside names, email addresses, and phone numbers, additional details such as location and workplace affiliations are included, although the presence of "null" values points to gaps or inaccuracies in the dataset.

The IndiaMART Data Breach Link

The Cyber Express has reached out to Meesho to learn more about the alleged leak. At the time of writing, no official statement or response has been shared, and the claims remain unverified.

Parallels also emerge between the purported Meesho breach and the 2020 IndiaMART leak, which exposed sensitive information from over 40,000 suppliers. IndiaMART, a prominent business-to-business e-commerce platform, was targeted in a cyberattack in 2020. Despite the company's assertion that only basic contact information was publicly available, cybersecurity researchers found an extensive exposure of sensitive data. The overlap between that leaked data and the current Meesho sample raises doubts about the authenticity of the new claim and the motives behind it.

This is an ongoing story and The Cyber Express will be closely monitoring the situation. We will update this post once we have more information on the alleged Meesho data breach or any official confirmation from the company.


 Cybersecurity News

In the latest twist of the feud between the Anonymous Egypt group and R00TK1T hackers, the latter has turned up the heat on Egyptian targets, accusing Anonymous Egypt of content theft. In a dark web post, R00TK1T vowed to intensify cyberattacks on Egypt, targeting major infrastructure and organizations in the country.

The retaliation was swift: the group claims attacks on the Ministry of Supply and Internal Trade in Egypt and on a prominent software company with operations in the country. The hackers used the same methods against each alleged victim and left several messages on their data leak channel condemning Anonymous Egypt, stating, "Anonymous Egypt made a grave mistake thinking they could outsmart us. Now, it's time to show them the true power of our skills."

R00TK1T's Cyberattacks on Egypt Post Anonymous Egypt Confrontation

[Figure: Source: Dark Web]

In a declaration on the dark web, R00TK1T proclaimed, "Security Is Just An Illusion, Privacy Is Just Another Illusion." The group warned of impending chaos and signaled its determination to disrupt the status quo, adding: "F*ck Society & The System! We Are R00TK1T Will Be Anywhere Anytime!"

The Ministry of Supply and Internal Trade was among the first alleged victims, with the group flaunting what it says is evidence of access to the ministry's internal networks.

[Figure: Source: X]

As images surfaced purporting to show the depth of the intrusion, it became clear that R00TK1T's retaliation was aimed not only at the rival hacker group but at Egypt as a whole.

R00TK1T Cyberattacks Intensify

[Figure: Source: X]

The alleged attacks on Egyptian companies did not stop there. CorporateStack, a company specializing in digital transformation solutions, also reportedly fell victim to the group. With clients such as Bentley, Vodafone, and Hexa, CorporateStack was a fitting target for R00TK1T's message that no entity is beyond its reach, and the alleged intrusion into its systems was clearly meant as a signal to businesses operating in Egypt.

This is an ongoing story and The Cyber Express will be closely monitoring the situation. We will update this post once we have more information on the alleged cyberattacks on Egypt or any official confirmation from the organizations listed by R00TK1T.


 Firewall Daily

Millions of Internet of Things (IoT) devices across the industrial, healthcare, automotive, financial, and telecommunication sectors are at risk from several vulnerabilities in a widely used cellular modem technology. The Cinterion modem vulnerabilities, found in modems manufactured by Telit Cinterion, threaten both device integrity and network security.

Telit Cinterion is an IoT technology provider headquartered in Irvine, California. It offers edge-to-cloud IoT services such as connectivity plans, IoT SIMs, embedded IoT software, and PaaS-based managed deployment services. The newly disclosed vulnerabilities pose significant risks to communication networks and IoT devices and could lead to widespread disruption.

Several Cinterion Modem Vulnerabilities Discovered

The findings, by Kaspersky researchers, were first presented at the OffensiveCon security conference held recently in Berlin. They cover several critical vulnerabilities in Cinterion modems integrated into a wide range of IoT devices, including remote code execution (RCE) and privilege escalation flaws in user applications (MIDlets) and in the OEM-bundled firmware integrated with the modems.

The most severe, CVE-2023-47610, is a heap overflow that lets a remote attacker execute arbitrary code on an affected device by sending specially crafted SMS messages, with no authentication and no physical access required. The flaw can also unlock access to special AT commands that let an attacker read and write the modem's RAM and flash memory. The researchers demonstrated the impact by building their own SMS-based file system and installing it on the modem through the vulnerability. From there they could remotely trigger OTA (over-the-air) provisioning to install arbitrary MIDlets that were protected from removal by the standard mechanisms; getting rid of them required a full reflash of the firmware.

Beyond the RCE flaw, the researchers identified several further issues in user MIDlets and the OEM-bundled firmware, assigned CVE-2023-47611 through CVE-2023-47616. These could let an attacker with physical access to the modem compromise the confidentiality and integrity of user MIDlets, execute unauthorized code, extract and substitute digital signatures, and elevate the execution privileges of user MIDlets to the manufacturer level.

The researchers reported the vulnerabilities to Telit Cinterion in November 2023. The company has issued patches for some of the flaws, but not all have been addressed, leaving millions of devices at risk. Because the modems are embedded in products such as industrial equipment, smart meters, telematics systems, and medical devices, compiling a comprehensive list of affected products is difficult. To mitigate the threat, organizations are advised to disable non-essential SMS messaging capabilities, use private Access Point Names (APNs), control physical access to devices, and conduct regular security audits and updates.

Rising Concerns Over IoT Security

The discovery highlights a growing concern over the security of IoT environments, especially in industrial control and operational technology settings. An analysis of 2023 threat data by Nozomi Networks noted a significant increase in attacks on IoT and OT networks, driven by a rise in IoT vulnerabilities. Earlier cases, such as the nine vulnerabilities found in Robustel R1510 industrial routers, show that routers remain a common weak point: flaws such as remote code execution or denial of service can be used to spread an attack across connected devices.

These vulnerabilities in Cinterion modems call for urgent action from both device manufacturers and telecom operators to mitigate risks and protect essential infrastructure. The researchers plan to publish a white paper on modem security internals in May 2024 based on the findings of this study.


 Business

Recent reports by Kaspersky experts on the statistics of Managed Detection and Response (MDR) and Incident Response (IR) services for 2023 reveal that most observed cyberattacks employ a handful of techniques that are repeated time and again. These techniques are seen both in attacks that are fully executed and cause   show more ...

damage, as well as in incidents that are stopped in their early stages. We decided to list these techniques based on the ATT&CK framework and summarize expert recommendations for neutralizing them. The frequency of use for each technique and specific examples can be found in the reports themselves.

Exploiting public-facing applications
ATT&CK Technique: T1190, Tactic: TA0001 (Initial Access)
What it is: Exploiting vulnerabilities in one of the organization's applications that is accessible from the internet. Web servers, Exchange servers, database servers, and VPN access points are the most popular targets. Attackers also actively seek out and exploit publicly accessible IT infrastructure control panels, from SSH servers to SNMP.
How to protect yourself: Prioritize updating software at the network perimeter and use additional security measures for perimeter services. Close control ports to external access. Regularly scan the external perimeter for vulnerabilities and for applications that have accidentally been granted external access, and revoke that access. Install EDR agents and security tools, including on application servers.

Phishing
ATT&CK Technique: T1566, Tactic: TA0001 (Initial Access)
What it is: Mass or targeted distribution of messages via email, SMS, and messaging apps designed to trick company employees into disclosing their credentials or downloading malicious content via a link.
How to protect yourself: Raise awareness among all company employees, conduct training sessions, use the latest security solutions for mail servers, and deploy EMM/UEM solutions to protect employees' mobile devices, including personal ones.

Valid accounts compromised by attackers
ATT&CK Technique: T1078, Tactics: TA0001, TA0003, TA0004, TA0005 (Initial Access, Persistence, Privilege Escalation, Defense Evasion)
What it is: One of the most effective techniques employed by attackers. During initial network penetration, attackers use employee credentials obtained through purchased leaks or phishing. They then use domain and local accounts found on the compromised computer to develop the attack.
How to protect yourself: Implement phishing-resistant multi-factor authentication (MFA) methods, especially for privileged accounts. Adopt the principle of least privilege. Deactivate default accounts (such as guest), and for local administrator accounts, set a unique password for each computer. Use SIEM and XDR to detect anomalous user actions.

Brute force
ATT&CK Technique: T1110, Tactic: TA0006 (Credential Access)
What it is: Attackers can discover passwords for accounts of interest through brute-force attacks or password guessing based on known hashes. A variation of this attack is password spraying, where the same popular passwords are applied to a number of accounts in the hope of finding a user who chose such a weak password.
How to protect yourself: Implement password policies that prevent brute-force attacks and apply stricter policies to accounts where MFA cannot be enabled. Limit the number of login attempts across all systems and block the account if the number of attempts is exceeded. Configure SIEM monitoring rules to detect an overall increase in failed authentication attempts.

Trusted relationship
ATT&CK Technique: T1199, Tactic: TA0001 (Initial Access)
What it is: Compromising an organization through its partners and contractors. If a partner is hacked, attackers can use the discovered access points and tools to infiltrate the organization. In practice, hackers most often target IT subcontractors (MSPs, authentication providers, technical support specialists) with administrative access to the organization's systems.
How to protect yourself: Regularly audit external access, revoke outdated permissions, apply the principle of least privilege to such access, and implement strict password policies and MFA for such accounts. Use network segmentation to restrict external contractors to only the resources they need.

Command and scripting interpreter
ATT&CK Technique: T1059, Tactic: TA0002 (Execution)
What it is: In the vast majority of attacks, attackers need to execute their own code on compromised computers. To avoid attracting attention, and to avoid needing specialized malware, they often use legitimate scripting tools that are already installed on most corporate systems. The most popular of these is Microsoft PowerShell, but there are also attacks using scripts in Visual Basic, Python, and AutoIT, as well as basic Windows and Unix shells (cmd and sh/bash/zsh).
How to protect yourself: Use allowlisting to restrict the launch of applications not required on specific computers. Track the launch of script interpreters using XDR and EDR, but keep in mind that the detection logic must be continuously adjusted to the specifics of the organization's IT infrastructure.

Account manipulation
ATT&CK Technique: T1098, Tactics: TA0003, TA0004 (Persistence, Privilege Escalation)
What it is: A wide range of changes that attackers make to accounts they have access to. These changes can include adding an account to privileged groups, enabling deactivated accounts, changing passwords, and modifying permissions for accounts and groups.
How to protect yourself: Apply the principle of least privilege, perform regular account inventories, revoke outdated permissions, and block or delete unnecessary accounts.

Exploitation of remote services
ATT&CK Technique: T1210, Tactic: TA0008 (Lateral Movement)
What it is: After compromising one of the computers on the network, attackers scan it for vulnerable applications in order to infect additional computers or gain elevated privileges on them. In 2023, old vulnerabilities in SMB v1 and Exchange Server were quite popular, confirming that IT services are not paying enough attention to fixing vulnerabilities.
How to protect yourself: Update client and server applications promptly, disable unnecessary services on all computers, and use network segmentation and the principle of least privilege to limit attackers' capabilities even if they manage to exploit a vulnerability. Use security solutions that can detect and block attempts to exploit vulnerabilities.

Launching system services
ATT&CK Technique: T1569, Tactic: TA0002 (Execution)
What it is: In addition to using command shells, attackers often use the launch of system services to execute malicious tasks and establish persistence in the system. The undisputed leader here is PsExec, which can be used to execute a desired task on a remote Windows computer.
How to protect yourself: Use XDR or EDR systems that can track anomalous behavior of system services. Configure policies to restrict low-privileged users from launching privileged services and installing system software.

Bonus track: LOLBins
In most stages of an attack, attackers try to use legitimate IT administration tools to blend in with normal network activity and avoid detection. Some cases have already been described above (PowerShell, PsExec), but in a significant number of attacks, attackers also use AnyDesk for management and control, Advanced IP Scanner and SoftPerfect Network Scanner for network scanning, and security testing tools: Mimikatz for privilege escalation, and Cobalt Strike and Metasploit for lateral movement within the network. You can read about protection against the use of LOLBins in this post.
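Detection logic for the brute-force and password-spraying patterns described under T1110 above, together with the "overall increase in failed authentication attempts" SIEM rule, as an added example that is not part of the original article. The log line format, field names, the 10-minute window and all thresholds are assumptions, and the sample log is constructed.

```python
# Detection logic for ATT&CK T1110 (brute force and password spraying) over
# authentication events. Log format, field names and thresholds are assumptions.
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log (not real data). 10.0.0.5 is a user who mistyped once;
# 10.0.0.7 hammers one account (classic brute force); 10.0.0.9 tries many
# accounts once each (password spraying) and then logs in as heidi.
SAMPLE_LOG = """\
2024-05-14T09:00:01 auth: user=alice src=10.0.0.5 result=FAIL
2024-05-14T09:00:05 auth: user=alice src=10.0.0.5 result=OK
2024-05-14T09:01:00 auth: user=bob src=10.0.0.7 result=FAIL
2024-05-14T09:01:02 auth: user=bob src=10.0.0.7 result=FAIL
2024-05-14T09:01:04 auth: user=bob src=10.0.0.7 result=FAIL
2024-05-14T09:01:06 auth: user=bob src=10.0.0.7 result=FAIL
2024-05-14T09:01:08 auth: user=bob src=10.0.0.7 result=FAIL
2024-05-14T09:02:00 auth: user=carol src=10.0.0.9 result=FAIL
2024-05-14T09:02:01 auth: user=dave src=10.0.0.9 result=FAIL
2024-05-14T09:02:02 auth: user=erin src=10.0.0.9 result=FAIL
2024-05-14T09:02:03 auth: user=frank src=10.0.0.9 result=FAIL
2024-05-14T09:02:04 auth: user=grace src=10.0.0.9 result=FAIL
2024-05-14T09:02:05 auth: user=heidi src=10.0.0.9 result=OK
this line is malformed and must be skipped by the parser
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) auth: user=(?P<user>\S+) src=(?P<src>\S+) result=(?P<result>OK|FAIL)$"
)
EPOCH = datetime(1970, 1, 1)  # naive UTC timestamps assumed


def parse_events(text):
    """Turn log lines into dicts; lines that do not match the format are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            events.append({"ts": datetime.fromisoformat(m["ts"]), "user": m["user"],
                           "src": m["src"], "ok": m["result"] == "OK"})
    return events


def _window_index(ts, window):
    """Index of the fixed-size time window containing ts."""
    return (ts - EPOCH) // window


def detect_bruteforce(events, window=timedelta(minutes=10),
                      per_account=5, spray_accounts=5, spray_max_per_account=2):
    """Per time window: 'brute_force' when one source fails >= per_account times
    against one account; 'password_spray' when one source fails against
    >= spray_accounts distinct accounts with <= spray_max_per_account tries each
    (stays under per-account lockout). A spray alert also lists accounts the
    same source then logged into, which is the event worth escalating."""
    windows = defaultdict(list)
    for e in events:
        windows[_window_index(e["ts"], window)].append(e)

    alerts = []
    for idx in sorted(windows):
        fails = defaultdict(lambda: defaultdict(int))  # src -> user -> failures
        successes = defaultdict(set)                   # src -> users logged in
        for e in windows[idx]:
            if e["ok"]:
                successes[e["src"]].add(e["user"])
            else:
                fails[e["src"]][e["user"]] += 1
        for src, per_user in fails.items():
            for user, n in per_user.items():
                if n >= per_account:
                    alerts.append({"type": "brute_force", "src": src,
                                   "user": user, "failures": n})
            sprayed = [u for u, n in per_user.items() if n <= spray_max_per_account]
            if len(sprayed) >= spray_accounts:
                alerts.append({"type": "password_spray", "src": src,
                               "accounts": len(sprayed),
                               "success_after_spray": sorted(successes[src])})
    return alerts


def failure_surge(events, baseline_per_window, window=timedelta(minutes=10), factor=3.0):
    """Windows whose total failures exceed factor x the usual rate: the
    'overall increase in failed authentication attempts' SIEM rule."""
    counts = defaultdict(int)
    for e in events:
        if not e["ok"]:
            counts[_window_index(e["ts"], window)] += 1
    return [{"window_start": EPOCH + idx * window, "failures": n}
            for idx, n in sorted(counts.items()) if n > factor * baseline_per_window]
```

Note that a per-account lockout alone never fires on the 10.0.0.9 source, which is exactly why the spray rule and the overall-failure-rate rule are needed alongside it.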

image for Patch Tuesday, May 2 ...

 Time to Patch

Microsoft today released updates to fix more than 60 security holes in Windows computers and supported software, including two “zero-day” vulnerabilities in Windows that are already being exploited in active attacks. There are also important security patches available for macOS and Adobe users, and for the Chrome Web browser, which just patched its own zero-day flaw.

First, the zero-days. CVE-2024-30051 is an “elevation of privilege” bug in a core Windows library. Satnam Narang at Tenable said this flaw is being used as part of post-compromise activity to elevate privileges as a local attacker. “CVE-2024-30051 is used to gain initial access into a target environment and requires the use of social engineering tactics via email, social media or instant messaging to convince a target to open a specially crafted document file,” Narang said. “Once exploited, the attacker can bypass OLE mitigations in Microsoft 365 and Microsoft Office, which are security features designed to protect end users from malicious files.”

CVE-2024-30040 is a security feature bypass in MSHTML, a component that is deeply tied to the default Web browser on Windows systems. Microsoft’s advisory on this flaw is fairly sparse, but Kevin Breen from Immersive Labs said this vulnerability also affects Office 365 and Microsoft Office applications. “Very little information is provided and the short description is painfully obtuse,” Breen said of Microsoft’s advisory on CVE-2024-30040.

Meanwhile, Kaspersky Lab, one of two companies credited with reporting exploitation of CVE-2024-30040 to Microsoft, has published a fascinating writeup on how they discovered the exploit in a file shared with VirusTotal.com. Kaspersky said it has since seen the exploit used together with QakBot and other malware. Emerging in 2007 as a banking trojan, QakBot (a.k.a. Qbot and Pinkslipbot) has morphed into an advanced malware strain now used by multiple cybercriminal groups to prepare newly compromised networks for ransomware infestations.

The only vulnerability fixed this month that earned Microsoft’s most-dire “critical” rating is CVE-2024-30044, a flaw in SharePoint that Microsoft said is likely to be exploited. Tenable’s Narang notes that exploitation of this bug first requires an attacker to be authenticated to a vulnerable SharePoint Server with Site Owner permissions (or higher) and then to take additional steps, which makes this flaw less likely to be widely exploited, as most attackers follow the path of least resistance.

Five days ago, Google released a security update for Chrome that fixes a zero-day in the popular browser. Chrome usually auto-downloads any available updates, but it still may require a complete restart of the browser to install them. If you use Chrome and see a “Relaunch to update” message in the upper right corner of the browser, it’s time to restart.

Apple has just shipped the macOS Sonoma 14.5 update, which includes nearly two dozen security patches. To ensure your Mac is up to date, go to System Settings, then the General tab, then Software Update, and follow any prompts.

Finally, Adobe has critical security patches available for a range of products, including Acrobat, Reader, Illustrator, Adobe Substance 3D Painter, Adobe Aero, Adobe Animate and Adobe Framemaker.

Regardless of whether you use a Mac or Windows system (or something else), it’s always a good idea to back up your data and/or system before applying any security updates. For a closer look at the individual fixes released by Microsoft today, check out the complete list over at the SANS Internet Storm Center. Anyone in charge of maintaining Windows systems in an enterprise environment should keep an eye on askwoody.com, which usually has the scoop on any wonky Windows patches.

 Malware and Vulnerabilities

Researchers at Cyble discovered a new ransomware variant called Trinity that employs a double extortion technique and shares similarities with the Venus ransomware, suggesting a potential link or common actor behind these two variants.

 Malware and Vulnerabilities

Upon analyzing Mallox samples, researchers identified two distinct affiliates using different approaches. One focused on exploiting vulnerable assets, while the other aimed at broader compromises of information systems on a larger scale.

 Threat Actors

Scattered Spider, a hacking group, has been actively attacking the finance and insurance industries worldwide, using tactics like domain impersonation, SIM swapping, and partnering with the BlackCat ransomware group to breach high-value firms.

 Expert Blogs and Opinion

Red teaming involves employing ethical hackers to rigorously test AI systems for security and safety issues. It is crucial for developing responsible AI that balances innovation and compliance with ethical standards and regulatory requirements.

 Trends, Reports, Analysis

The UK's NCSC and major insurance associations have partnered to help reduce the profitability of ransomware attacks by providing better support and guidance to victims, encouraging resilience, and promoting alternatives to paying ransoms.

 Expert Blogs and Opinion

Tokens are valuable assets for threat actors, as they can be easily obtained through various attack methods and provide unauthorized access to corporate systems without requiring multi-factor authentication.

 Malware and Vulnerabilities

The attack chain required user interaction to execute the malicious email attachment, which then initiated a network callout to the Phorpiex botnet infrastructure to download and detonate the LockBit Black ransomware.

 Trends, Reports, Analysis

Threat actors are using DNS tunneling as a means to scan for network vulnerabilities and check the success of phishing campaigns, according to new research from Palo Alto Networks.

 Malware and Vulnerabilities

The source code of the INC ransomware-as-a-service (RaaS) operation, which has targeted organizations like Xerox Business Solutions, Yamaha Motor Philippines, and Scotland's National Health Service (NHS), is being sold on hacking forums for $300,000.

 Trends, Reports, Analysis

Insider threats, including dishonest actions to obtain benefits through theft or deception, have seen a significant rise in the past year, driven by factors like rising cost of living, remote work, and the increasing sophistication of fraud tactics.

 Feed

Ubuntu Security Notice 6767-2 - Chenyuan Yang discovered that the RDS Protocol implementation in the Linux kernel contained an out-of-bounds read vulnerability. An attacker could use this to possibly cause a denial of service. Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system.

 Feed

Ubuntu Security Notice 6772-1 - Jan Schermer discovered that strongSwan incorrectly validated client certificates in certain configurations. A remote attacker could possibly use this issue to bypass access controls.

 Feed

Red Hat Security Advisory 2024-2833-03 - An update to the images for Red Hat Integration - Service Registry is now available from the Red Hat Container Catalog. The purpose of this text-only errata is to inform you about the security issues fixed in this release. Issues addressed include denial of service and memory leak vulnerabilities.

 Feed

Apple and Google on Monday officially announced the rollout of a new feature that notifies users across both iOS and Android if a Bluetooth tracking device is being used to stealthily keep tabs on them without their knowledge or consent. "This will help mitigate the misuse of devices designed to help keep track of belongings," the companies said in a joint statement, adding it aims to address "

 Feed

The maintainers of the Cacti open-source network monitoring and fault management framework have addressed a dozen security flaws, including two critical issues that could lead to the execution of arbitrary code. The most severe of the vulnerabilities are listed below - CVE-2024-25641 (CVSS score: 9.1) - An arbitrary file write vulnerability in the "Package Import" feature that

 Feed

Deploying advanced authentication measures is key to helping organizations address their weakest cybersecurity link: their human users. Having some form of 2-factor authentication in place is a great start, but many organizations may not yet be in that spot or have the needed level of authentication sophistication to adequately safeguard organizational data. When deploying

 Feed

Cybersecurity researchers have uncovered an ongoing social engineering campaign that bombards enterprises with spam emails with the goal of obtaining initial access to their environments for follow-on exploitation. "The incident involves a threat actor overwhelming a user's email with junk and calling the user, offering assistance," Rapid7 researchers Tyler McGraw, Thomas Elkins, and

 Feed

Multiple security flaws have been disclosed in VMware Workstation and Fusion products that could be exploited by threat actors to access sensitive information, trigger a denial-of-service (DoS) condition, and execute code under certain circumstances. The four vulnerabilities impact Workstation versions 17.x and Fusion versions 13.x, with fixes available in version 17.5.2 and

 Feed

Google on Monday shipped emergency fixes to address a new zero-day flaw in the Chrome web browser that has come under active exploitation in the wild. The high-severity vulnerability, tracked as CVE-2024-4761, is an out-of-bounds write bug impacting the V8 JavaScript and WebAssembly engine. It was reported anonymously on May 9, 2024. Out-of-bounds write bugs could be typically

 Data loss

Security agencies in the United States have issued a new warning about the Black Basta ransomware group, in the wake of a high-profile attack against the healthcare giant Ascension. The cyber attack last week forced the Ascension computer systems offline, and caused some hospital emergency departments to turn away ambulances "in order to ensure emergency cases are triaged immediately." Read more in my article on the Exponential-e blog.

 Cyber Security News

Source: www.cyberdefensemagazine.com – Author: News team. By Vivek Ramachandran, CEO & Founder, SquareX. Gone are the days when traditional antivirus solutions were the bulwark of endpoint security. In the past, these antivirus programs were largely sufficient, as the majority of cyber threats were file-based and could be effectively countered with signature-based detection methods. However, as […] The post "The Next Generation of Endpoint Security Is Being Reimagined Today – Source: www.cyberdefensemagazine.com" was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

 Black

Source: www.darkreading.com – Author: Nate Nelson, Contributing Writer. A new Black Basta campaign is annoying victims into submission with onslaughts of spam emails and fake customer service representatives tricking them into downloading malware. The news comes against the backdrop of a fresh joint cybersecurity advisory from the FBI, Cybersecurity […] The post "500 Victims In, Black Basta Reinvents With Novel Vishing Strategy – Source: www.darkreading.com" was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

Source: www.darkreading.com – Author: Dark Reading Staff. A Ukrainian agency in charge of television and radio broadcasting reported that Russian hackers hijacked Ukrainian television channels on May 9 to air a Victory Day parade honoring the defeat of Nazi Germany in World War II. The broadcasting agency, Nacrada, […] The post "Ukrainian, Latvian TV Hijacked to Broadcast Russian Celebrations – Source: www.darkreading.com" was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

Source: www.darkreading.com – Author: Tara Seals, Managing Editor, News, Dark Reading. A well-known hacking outfit called “IntelBroker” has put up for sale what it claims to be Europol data stolen earlier this month. The international law enforcement agency has confirmed that it’s investigating the incident. The data was advertised […] The post "IntelBroker Nabs Europol Info; Agency Investigating – Source: www.darkreading.com" was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

Source: www.darkreading.com – Author: John A. Smith, Founder & Chief Security Officer, Conversant Group. May 13, 2024. COMMENTARY: Authentication tokens aren’t actual physical tokens, of course. But when these digital identifiers aren’t expired regularly or pinned for use by a specific device […] The post "Why Tokens Are Like Gold for Opportunistic Threat Actors – Source: www.darkreading.com" was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

 computer security

Source: www.schneier.com – Author: B. Schneier. Back in the 1960s, if you played a 2,600Hz tone into an AT&T pay phone, you could make calls without paying. A phone hacker named John Draper noticed that the plastic whistle that came free in a box of Captain Crunch cereal worked to make the right sound. That […] The post "LLMs’ Data-Control Path Insecurity – Source: www.schneier.com" was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

 Critical

Source: www.infosecurity-magazine.com. Critical vulnerabilities have been found within Cinterion cellular modems. Disclosed during a Kaspersky presentation at OffensiveCon in Berlin on May 11, these flaws could allow remote attackers to execute arbitrary code, posing a significant threat to the integrity of millions of industrial devices reliant on these modems. The identified vulnerabilities, including CVE-2023-47610, […] The post "Critical Vulnerabilities in Cinterion Modems Exposed – Source: www.infosecurity-magazine.com" was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

Source: www.infosecurity-magazine.com. A recent incident involving an MS-SQL (Microsoft SQL) honeypot has shed light on the sophisticated tactics employed by cyber-attackers relying on Mallox ransomware (also known as Fargo, TargetCompany, Mawahelper, etc.). The honeypot, set up by the Sekoia research team, was targeted by an intrusion set utilizing brute-force techniques to deploy […] The post "Mallox Ransomware Deployed Via MS-SQL Honeypot Attack – Source: www.infosecurity-magazine.com" was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

Source: www.infosecurity-magazine.com. A ransomware attack on US private healthcare giant Ascension has led to ambulances being diverted and patient appointments being postponed. Ascension confirmed the attack on May 9 after detecting unusual activity on select technology network systems on May 8. The healthcare provider, which operates 140 hospitals across the US, said […] The post "Ascension Ransomware Attack Diverts Ambulances, Delays Appointments – Source: www.infosecurity-magazine.com" was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

 Basta

Source: www.infosecurity-magazine.com. The Black Basta ransomware group and its affiliates compromised hundreds of organizations worldwide between April 2022 and May 2024, according to a new report from several US government agencies. The Joint Cybersecurity Advisory (CSA) was issued by the Cybersecurity and Infrastructure Security Agency (CISA), the Department of Health and Human […] The post "Black Basta Ransomware Victim Count Tops 500 – Source: www.infosecurity-magazine.com" was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

 Apple

Source: thehackernews.com – Newsroom, May 14, 2024. Location Tracking / Privacy. Apple and Google on Monday officially announced the rollout of a new feature that notifies users across both iOS and Android if a Bluetooth tracking device is being used to stealthily keep tabs on them without their knowledge or consent. “This will help mitigate […] The post "Apple and Google Launch Cross-Platform Feature to Detect Unwanted Bluetooth Tracking Devices – Source: thehackernews.com" was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

 Apple

Source: www.bleepingcomputer.com – Author: Bill Toulas. A new package mimicked the popular ‘requests’ library on the Python Package Index (PyPI) to target macOS devices with the Sliver C2 adversary framework, used for gaining initial access to corporate networks. Discovered by Phylum, the campaign involves several steps and obfuscation layers, including using steganography in a PNG image file to […] The post "PyPi package backdoors Macs using the Sliver pen-testing suite – Source: www.bleepingcomputer.com" was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

 Apple

Source: www.bleepingcomputer.com – Author: Sergiu Gatlan. Apple has backported security patches released in March to older iPhones and iPads, fixing an iOS Kernel zero-day tagged as exploited in attacks. In security advisories published today, Apple once again said they’re aware of reports that this vulnerability “may have been actively exploited.” The flaw is a memory […] The post "Apple backports fix for RTKit iOS zero-day to older iPhones – Source: www.bleepingcomputer.com" was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

 BLEEPINGCOMPUTER

Source: www.bleepingcomputer.com – Author: Sergiu Gatlan. The Federal Communications Commission (FCC) has named its first officially designated robocall threat actor ‘Royal Tiger,’ a move aiming to help international partners and law enforcement more easily track individuals and entities behind repeat robocall campaigns. Royal Tiger, a group of bad actors operating from India, the United Kingdom, […] The post "FCC reveals Royal Tiger, its first tagged robocall threat actor – Source: www.bleepingcomputer.com" was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

 BLEEPINGCOMPUTER

Source: www.bleepingcomputer.com – Author: Bill Toulas. A cybercriminal using the name “salfetka” claims to be selling the source code of INC Ransom, a ransomware-as-a-service (RaaS) operation launched in August 2023. INC has previously targeted the U.S. division of Xerox Business Solutions (XBS), Yamaha Motor Philippines, and, more recently, Scotland’s National Health Service (NHS). Simultaneously with the alleged sale, the INC […] The post "INC ransomware source code selling on hacking forums for $300,000 – Source: www.bleepingcomputer.com" was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

 BLEEPINGCOMPUTER

Source: www.bleepingcomputer.com – Author: Sergiu Gatlan. Since April, millions of phishing emails have been sent through the Phorpiex botnet to conduct a large-scale LockBit Black ransomware campaign. As New Jersey’s Cybersecurity and Communications Integration Cell (NJCCIC) warned on Friday, the attackers use ZIP attachments containing an executable that deploys the LockBit Black payload, which encrypts the […] The post "Botnet sent millions of emails in LockBit Black ransomware campaign – Source: www.bleepingcomputer.com" was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

 BLEEPINGCOMPUTER

Source: www.bleepingcomputer.com – Author: Bill Toulas. Threat actors are using Domain Name System (DNS) tunneling to track when their targets open phishing emails and click on malicious links, and to scan networks for potential vulnerabilities. DNS tunneling is the encoding of data or commands that are sent and retrieved via DNS queries, essentially turning DNS, a fundamental network communication component, into a covert […] The post "Hackers use DNS tunneling for network scanning, tracking victims – Source: www.bleepingcomputer.com" was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

 BLEEPINGCOMPUTER

Source: www.bleepingcomputer.com – Author: Bill Toulas. The City of Helsinki is investigating a data breach in its education division, which it discovered in late April 2024, impacting tens of thousands of students, guardians, and personnel. Though information about the attack was circulated on May 2, 2024, the city’s authorities shared more details in a press conference earlier […] The post "Helsinki suffers data breach after hackers exploit unpatched flaw – Source: www.bleepingcomputer.com" was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

 BLEEPINGCOMPUTER

Source: www.bleepingcomputer.com – Author: Bill Toulas. Firstmac Limited is warning customers that it suffered a data breach a day after the new Embargo cyber-extortion group leaked over 500GB of data allegedly stolen from the firm. Firstmac is a significant player in Australia’s financial services industry, focusing primarily on mortgage lending, investment management, and securitization services. Headquartered in […] The post "Largest non-bank lender in Australia warns of a data breach – Source: www.bleepingcomputer.com" was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

 BLEEPINGCOMPUTER

Source: www.bleepingcomputer.com – Author: Bill Toulas. Have I Been Pwned has added the information for 26,818,266 people whose data was leaked in a recent hack of The Post Millennial conservative news website. The Post Millennial is a conservative Canadian online news magazine belonging to the Human Events Media Group, which also operates the American ‘Human Events’ news platform. Earlier […] The post "The Post Millennial hack leaked data impacting 26 million people – Source: www.bleepingcomputer.com" was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

Source: www.infosecurity-magazine.com. The US telecoms regulator has named a malicious robocall group for the first time, in a bid to help international partners more effectively identify and block the actors behind it. The Federal Communications Commission (FCC) described “Royal Tiger” as a group of entities and individuals persistently facilitating robocall campaigns designed […] The post "FCC Names and Shames First Robocall Threat Actor – Source: www.infosecurity-magazine.com" was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

 Breaking News

Source: securityaffairs.com – Author: Pierluigi Paganini. Phorpiex botnet sent millions of phishing emails to deliver LockBit Black ransomware. Experts reported that since April, the Phorpiex botnet sent millions of phishing emails to spread LockBit Black ransomware. New Jersey’s Cybersecurity and Communications Integration Cell (NJCCIC) reported that since April, threat actors used the Phorpiex botnet to […] The post "Phorpiex botnet sent millions of phishing emails to deliver LockBit Black ransomware – Source: securityaffairs.com" was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

 Breaking News

Source: securityaffairs.com – Author: Pierluigi Paganini. Threat actors may have exploited a zero-day in older iPhones, Apple warns. Apple rolled out urgent security updates to address code execution vulnerabilities in iPhones, iPads, and macOS. Apple released urgent security updates to address multiple vulnerabilities in iPhones, iPads, and macOS. The company also warns of a vulnerability patched […] The post "Threat actors may have exploited a zero-day in older iPhones, Apple warns – Source: securityaffairs.com" was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

 Breaking News

Source: securityaffairs.com – Author: Pierluigi Paganini. City of Helsinki suffered a data breach. The City of Helsinki suffered a data breach that impacted tens of thousands of students, guardians, and personnel. The Police of Finland is investigating a data breach suffered by the City of Helsinki; the security breach occurred during the night of 30 […] The post "City of Helsinki suffered a data breach – Source: securityaffairs.com" was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

 Breaking News

Source: securityaffairs.com – Author: Pierluigi Paganini. Russian hackers defaced local British news sites. A group of hackers that defines itself as “first-class Russian hackers” claims the defacement of hundreds of local and regional British newspaper websites. A group claiming to be “first-class Russian hackers” defaced numerous local and regional British newspaper websites owned by Newsquest […] The post "Russian hackers defaced local British news sites – Source: securityaffairs.com" was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

 Breaking News

Source: securityaffairs.com – Author: Pierluigi Paganini. Australian Firstmac Limited disclosed a data breach after cyber attack. Firstmac Limited disclosed a data breach after the new Embargo extortion group leaked over 500GB of data allegedly stolen from the company. Firstmac Limited, one of the largest non-bank lenders in Australia, disclosed a data breach. Firstmac Limited is an […] The post "Australian Firstmac Limited disclosed a data breach after cyber attack – Source: securityaffairs.com" was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

Source: www.databreachtoday.com. Events, RSA Conference, RSA Conference Videos. Ex-DHS Official Suzanne Spaulding and Jim Richberg of Fortinet on Critical Concepts. Mathew J. Schwartz (euroinfosec) • May 13, 2024. Jim Richberg, head of global policy and field CISO, Fortinet, and Suzanne Spaulding, former undersecretary, Department of Homeland Security. The […] The post "How ‘Radical Transparency’ Can Bolster Cybersecurity – Source: www.databreachtoday.com" was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

Source: www.databreachtoday.com. Governance & Risk Management, Government, Industry Specific. Federal Database Nears 10,000 Unanalyzed Vulnerabilities Amid Halt in Operations. Chris Riotta (@chrisriotta) • May 13, 2024. The U.S. National Vulnerability Database is broken. The United States’ federal database for tracking security vulnerabilities has virtually ground to […] The post "Experts Warn the NVD Backlog Is Reaching a Breaking Point – Source: www.databreachtoday.com" was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

Source: www.databreachtoday.com. Artificial Intelligence & Machine Learning, Events, Next-Generation Technologies & Secure Development. Visa’s Subra Kumaraswamy on Threat Detection, AI and Third-Party Supply Chain Risk. Rahul Neel Mani (@rneelmani) • May 13, 2024. Subra Kumaraswamy, senior vice president, CISO, Visa. As the threat landscape evolves rapidly with sophisticated […] The post "Defenders’ Dilemma: Can AI Bolster Cyber Resilience? – Source: www.databreachtoday.com" was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

Source: www.databreachtoday.com. Fraud Management & Cybercrime, Healthcare, Industry Specific. Advisories Come As Black Basta Appears Responsible for Ascension Ransomware Attack. Marianne Kolbasuk McGee (HealthInfoSec) • May 13, 2024. U.S. federal authorities warned that the Russian-speaking ransomware group Black Basta is actively targeting American critical infrastructure amid […] The post "Feds, Groups Warn Health Sector of Black Basta Threats – Source: www.databreachtoday.com" was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

 Breaches

Source: www.infosecurity-magazine.com. Since 2005, educational institutions in the United States have experienced 3713 data breaches, impacting over 37.6m records. According to new data by Comparitech, 2023 marked a record year, with 954 breaches recorded – a dramatic rise from 139 in 2022 and 783 in 2021. This surge was primarily attributed to […] The post "Data Breaches in US Schools Exposed 37.6M Records – Source: www.infosecurity-magazine.com" was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

 botnet

Source: www.infosecurity-magazine.com. Ebury, one of the most advanced server-side malware campaigns, has been active for 15 years, but its use by threat actors is still growing, according to cybersecurity firm ESET. A new report published on May 14 by ESET Research showed that operators of the Ebury malware and botnet were more […] The post "Ebury Botnet Operators Diversify with Financial and Crypto Theft – Source: www.infosecurity-magazine.com" was first published on CISO2CISO.COM & CYBER SECURITY GROUP.
