Oktacron logo
Cyber security aggregate rss news

Cyber security aggregator - feeds history
image for Beyond Borders: CISA ...

 Firewall Daily

During a recent Senate committee hearing, Director of National Intelligence Avril Haines emphasized state hackers' continued prominence as a threat, citing its aims to undermine trust in U.S. democratic institutions and exacerbate societal divisions. The hearing follows the rise of potential cyberattack on the US   show more ...

election, which has intensified over the last few months, and foreign interference has peaked with many state actors aiming to launch cyberattacks on the upcoming US elections in 2024.  The upcoming 2024 United States elections are slated to take place on Tuesday, November 5, 2024. In this crucial presidential election cycle, the nation will elect its president and vice president. Leveraging the attention to these events, several state-back hackers are running multiple threat campaigns to target the integrity of the US election and possibly accomplish their personal agendas.  Democratic Senator Mark Warner, chairman of the Senate Intelligence Committee, expanded on the scope of foreign influence efforts, including not only state actors but also non-state entities like hacktivists and cybercriminals. Warner stressed the ease with which these actors can now infiltrate and disrupt U.S. politics, emphasizing the increasingly low barriers to entry for such malicious activities.  Potential Cyberattack on the US Election: A Pressing Concern! https://www.youtube.com/watch?v=WphVoguvVd8 At the forefront of defending against this potential cyberattack on the US election is the Cybersecurity and Infrastructure Security Agency (CISA). In a recent update on foreign threats to the 2024 elections, CISA Director Jen Easterly outlined the agency's efforts to safeguard election infrastructure since its designation as critical infrastructure in 2017.  "While our election infrastructure is more secure than ever, today’s threat environment is more complex than ever. And we are very clear eyed about this. As the DNI noted, our foreign adversaries remain a persistent threat to our elections, intent on undermining Americans’ confidence in the foundation of our democracy and sowing partisan discord, efforts which could be exacerbated by generative AI capabilities", said Jen Easterly. Despite these persistent threats, Easterly highlighted the successful conduct of secure federal elections in 2018, 2020, and 2022, with no evidence of vote tampering. However, Easterly cautioned against complacency, noting the complexity of ransomware groups/threat actors and their unconventional modus operandi.  Moreover, foreign hackers remain intent on undermining confidence in U.S. democracy, compounded by the proliferation of generative AI capabilities. Moreover, Easterly highlighted the rise in large-scale attacks on US elections, targeting political leaders and other election officials — fueled by baseless claims of electoral fraud. CISA’s Plan To Bolster Cybersecurity in the Upcoming US Election In response to these cyberattacks on the upcoming US elections, CISA has intensified its efforts, expanding its services and outreach to election stakeholders across the nation. From cybersecurity assessments to physical security evaluations and training sessions, CISA has been actively engaged in fortifying security in the upcoming election and its infrastructure.  The agency has also ramped up efforts to combat disinformation, providing updated guidance and amplifying the voices of state and local election officials. Despite the political nature of elections, Easterly emphasized that election security remains apolitical. CISA remains steadfast in its commitment to preserving the integrity of the electoral process and looks to the support of leaders in this endeavor.  As the nation prepares for future elections, bolstering cybersecurity measures and defending against foreign  influence operations remain central priorities. Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.

image for A New WiFi Vulnerabi ...

 Firewall Daily

A new WiFi vulnerability is reportedly leading users to a SSID confusion attack. The vulnerability has been identified in the very fabric of the IEEE 802.11 standard. This newly discovered vulnerability targets the foundation of  WiFi security protocols and potentially places millions of users at risk worldwide. The   show more ...

SSID confusion attack, identified under the identifier CVE-2023-52424, capitalizes on a critical oversight in WiFi design, allowing malicious actors to deceive WiFi clients across various operating systems into connecting to untrusted networks unwittingly.  The ramifications of this vulnerability extend beyond mere inconvenience, opening potential games for a host of malicious activities, including traffic interception and manipulation. New IEEE 802.11 Standard WiFi Vulnerability Links to SSID Confusion Attack According to security researcher Mathy Vanhoef, the IEEE 802.11 standard WiFi vulnerability is set to be presented at the WiSec ’24 conference in Seoul, sheds light on the inner workings of the SSID confusion Attack, highlighting its potential impact on enterprise, mesh, and home WiFi networks. At the core of this WiFi vulnerability lies a fundamental flaw in the IEEE 802.11 standard, which fails to enforce authentication of network names (SSIDs) during the connection process. This oversight paves the way for attackers to lure unsuspecting victims onto less secure networks by spoofing legitimate SSIDs, leaving them vulnerable to cyberattacks. The SSID confusion attack targets WiFi clients across diverse platforms and operating systems. From home users to corporate networks, no device using the IEEE 802.11 standard WiFi protocol is immune to these attacks IEEE 802.11 Standard Vulnerability Even Targets Virtual Private Networks (VPNs) The collaboration between Top10VPN and Vanhoef shares insights into the inner workings on the vulnerability, touted as projection of online privacy and security, are not impervious to this threat, with certain clients susceptible to automatic disablement when connected to "trusted" WiFi networks. Universities, often hotbeds of network activity, emerge as prime targets for exploitation due to prevalent credential reuse practices among staff and students. Institutions in the UK, US, and beyond have been identified as potential breeding grounds for SSID Confusion Attacks, highlighting the urgent need for proactive security measures, said Top10VPN.  To defend against this insidious threat, concerted efforts are required at multiple levels. From protocol enhancements mandating SSID authentication to client-side improvements for better protection, the SID confusion attack is still an ongoing issue.  Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.

image for Gone in 12 Seconds: ...

 Governance

Gone in 60 seconds is a thing of the past. With the world moving towards digital assets and cryptocurrency, “Gone in 12 seconds” seems to be the new norm for digital heists. The U.S. Department of Justice arrested two siblings for attacking the Ethereum blockchain and siphoning $25 million of cryptocurrency during   show more ...

a 12 second exploit. Hailing from Boston and New York respectively, Anton Peraire-Bueno, 24, and James Peraire-Bueno, 28, stand accused of a litany of charges including conspiracy to commit wire fraud, wire fraud and conspiracy to commit money laundering. According to an unsealed indictment on Wednesday the brothers mixed their “specialized skills” from their education at MIT with their expertise in cryptocurrency trading to exploit “the very integrity of the (Ethereum) blockchain,” said U.S. Attorney Damian Williams. The brothers meticulously planned the exploit scheme for months “and once they put their plan into action, their heist only took 12 seconds to complete,” he added. “This alleged scheme was novel and has never before been charged.” Through the Exploit, which is believed to be the very first of its kind, Peraire-Bueno brothers manipulated and tampered with the process and protocols by which transactions are validated and added to the Ethereum blockchain. The MEV Conundrum from Ethereum Blockchain Exploit According to the indictment, the Pepaire-Bueno brothers initiated their scheme in December 2022, targeting specific traders on the Ethereum platform through what investigators term a "baiting" operation. At the heart of the indictment lies the concept of MEV-Boost, a software tool utilized by Ethereum validators to optimize transaction processing and maximize profitability. MEV, or maximal extractable value, has long been a subject of controversy within the cryptocurrency community, with proponents arguing its economic necessity and critics highlighting its potential for abuse. They exploited a critical flaw in MEV-Boost's code, granting them unprecedented access to pending transactions before their official validation by Ethereum validators. Leveraging this loophole, the siblings embarked on a sophisticated campaign targeting specific traders utilizing MEV bots. The indictment elucidates the modus operandi employed by the accused duo. The brothers created 16 Ethereum validators and targeted three specific traders who operated MEV bots, the indictment said. By establishing their own Ethereum validators and deploying bait transactions, they enticed MEV bots from these traders for their illicit scheme. Subsequently, through a series of meticulously orchestrated maneuvers, including frontrunning and transaction tampering, they siphoned off $25 million of cryptocurrency from unsuspecting victims – all in just 12 seconds. Following the successful execution of their nefarious scheme, the brothers allegedly laundered the ill-gotten gains through a network of shell companies. Converting the stolen funds into more liquid cryptocurrencies such as DAI and USDC, they attempted to rebuff attempts of victims and Ethereum representatives to recover the stolen cryptocurrency. Following their arrest on Tuesday, the brothers are set to appear in federal courts in New York and Boston to face charges. If convicted the brothers face a maximum sentence of up to 20 years in prison for each count. Deputy Attorney General Lisa Monaco lauded the Justice Department’s prosecutors and IRS agents, “who unraveled this first-of-its kind wire fraud and money laundering scheme.” “As cryptocurrency markets continue to evolve, the Department will continue to root out fraud, support victims, and restore confidence to these markets.” Cryptocurrency Heists and Convictions Growing Every Day The news of the arrest comes on the heels of another crypto heist from Sonne Finance, the cryptocurrency lending protocol. The team at Sonne Finance is offering an undisclosed bounty to a hacker responsible for a $20 million theft on Tuesday evening. Sonne Finance facilitates lending and borrowing without intermediaries like banks. The theft, tracked by blockchain security companies, involved digital coins like ether and USDC. Developers paused all markets and later detailed the attack in a postmortem, offering a bounty for the return of funds. They detected the attack within 25 minutes, with some users preventing $6.5 million theft. The hacker has since been exchanging stolen cryptocurrency for bitcoin and others. Law enforcement focus on crypto theft has intensified in 2024, with notable convictions including a $110 million theft from Mango Markets resulting in up to 30 years in prison and sentences for individuals involved in crypto scams and market manipulation. Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.

image for Russian Hackers Used ...

 Espionage

Researchers recently uncovered two new backdoors implanted within the infrastructure of a European Ministry of Foreign Affairs (MFA) and its diplomatic missions. Slovakian cybersecurity firm ESET who found these two new backdoors dubbed “LunarWeb” and “LunarMail,” attributed them to the Turla cyberespionage   show more ...

group believed to be aligned with Russian interests. Turla has operated since at least 2004, possibly starting in the late 1990s. Linked to the Russian FSB, Turla primarily targets high-profile entities like governments and diplomatic organizations in Europe, Central Asia and the Middle East. Notably, they have breached significant organizations such as the US Department of Defense in 2008 and the Swiss defense company RUAG in 2014. Researchers believe the Lunar toolset that has been used since at least 2020 is an addition to the arsenal of Russia-aligned cyberespionage group Turla based on the similarities between the tools’ tactics, techniques, and procedures (TTPs) and past activities. LunarWeb Backd: Used to Navigate the Digital Terrain LunarWeb backdoor stealthily infiltrates servers, establishing its foothold within the targeted infrastructure. Operating covertly, it communicates via HTTP(S) while mirroring legitimate traffic patterns to obfuscate its presence. Concealment is key in LunarWeb's playbook. For this the backdoor used steganography technique. This backdoor covertly embeds commands within innocuous images, effectively evading detection mechanisms. LunarWeb's loader, aptly named LunarLoader, showcases remarkable versatility, the researchers noted. Whether masquerading as trojanized open-source software or operating in standalone form, this entry point demonstrates the adaptability of the adversary's tactics. LunarMail: Used to Infiltrate Individual Workstations LunarMail takes a different approach as compared to LunarWeb. It embeds itself within Outlook workstations. Leveraging the familiar environment of email communications, this backdoor carries out its spying activities remaining hidden amidst the daily deluge of digital correspondence that its victims receive on their workstations. [caption id="attachment_68881" align="aligncenter" width="1024"] LunarMail Operation (credit: ESET)[/caption] On first run, the LunarMail backdoor collects information on the environment variables, and email addresses of all outgoing email messages. It then communicates with the command and control server through the  Outlook Messaging API to receive further instructions. LunarMail is capable of writing files, setting email addresses for C&C communication, create arbitrary processes and execute them, take screenshots and more. Similar to its counterpart, LunarMail harnesses the power of steganography albeit within the confines of email attachments. By concealing commands within image files, it perpetuates its covert communication channels undetected. LunarMail's integration with Outlook extends beyond mere infiltration. It manipulates email attachments, seamlessly embedding encrypted payloads within image files or PDF documents which facilitates unsuspicious data exfiltration. Initial Access and Discovery The initial access vectors of the Turla hackers, though not definitively confirmed, point towards the exploitation of vulnerabilities or spearphishing campaigns. The abuse of Zabbix network monitoring software is also a potential avenue of compromise, the researchers said. The compromised entities were primarily affiliated with a European MFA, which meant the intrusion was of a strategic nature. The investigation first began with the detection of a loader decrypting and running a payload from an external file, on an unidentified server. This was a previously unknown backdoor, which the researchers named LunarWeb. A similar attack chain with LunarWeb was then found deployed at a diplomatic institution of a European MFA but with a second backdoor – named LunarMail. In another attack, researchers spotted simultaneous deployments of a chain with LunarWeb at three diplomatic institutions of this MFA in the Middle East, occurring within minutes of each other. “The attacker probably had prior access to the domain controller of the MFA and utilized it for lateral movement to machines of related institutions in the same network,” the researchers noted. The threat actors displayed varying degrees of sophistication in the compromises. The coding errors and different coding styles used to develop the backdoors suggested that “multiple individuals were likely involved in the development and operation of these tools.” Russian State Hackers Biggest Cyber Threat Recently, Google-owned Mandiant in a detailed report stated with “high confidence” that Russian state-sponsored cyber threat activity poses the greatest risk to elections in regions with Russian interest including the European Union, the United Kingdom and the United States. Russia’s approach to election interference is multifaceted, blending cyber intrusion activities with information operations aimed at influencing public perceptions and sowing discord. Russian state-aligned cyber threat actors target election-related infrastructure for various reasons including applying pressure on foreign governments, amplifying issues aligned with Russia’s national interests, and retaliating against perceived adversaries. Groups like APT28 and UNC4057 conduct cyber espionage and information operations to achieve these objectives, Mandiant said. Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.

image for US Charged North Kor ...

 Cybersecurity News

The U.S. federal prosecutors on Thursday revealed charges against a North Korean job fraud nexus that ran its fraudulent scheme to generate illicit revenue for Kim Jong Un’s regime and support its sanctioned nuclear program. The U.S. Department of Justice indicted an Arizona woman, a Ukrainian man and three North   show more ...

Korean nationals for their alleged participation in job fraud schemes that placed overseas information technology workers – posing as U.S. citizens and residents - in remote positions at U.S. companies. This job fraud nexus scammed more than 300 U.S. companies and accumulated at least $6.8 million, said the unsealed indictment of Christina Marie Chapman, 49, from Litchfield Park, Arizona. The U.S. State Department said that between October 2020 and October 2023, Chapman, a U.S. citizen, helped North Korean IT workers under the aliases Jiho Han, Chunji Jin and Haoran Xu, to fraudulently obtain work as remote software and applications developers with companies in a range of sectors and industries including a major television network, a Silicon Valley technology company, an aerospace and defense company, an American car manufacturer, a luxury retail store and a U.S.-hallmark media and entertainment company. “They also attempted - but failed - to gain similar employment at two U.S. government agencies,” the State Department said. In pursuit of running the job fraud scheme, Chapman and her co-conspirators took help of identity fraud. “They compromised more than 60 identities of (legitimate) U.S. persons, impacted more than 300 U.S. companies, caused false information to be conveyed to the Department of Homeland Security on more than 100 occasions, created false tax liabilities for more than 35 U.S. persons, and resulted in at least $6.8 million of revenue to be generated for the overseas IT workers,” the Justice Department said. Chapman’s Role in Job Fraud Chapman hosted a “laptop farm,” for the North Korean IT workers at her residence, so that the computers appeared to be located within the United States on a daily basis. “She also helped launder the proceeds from the scheme by receiving, processing, and distributing paychecks from the U.S. firms to these IT workers and others,” the State Department said. Chapman was arrested on Wednesday in her hometown in Arizona and faces a litany of counts including conspiracy to defraud the United States, conspiracy to commit wire fraud, conspiracy to commit bank fraud, aggravated identity theft, conspiracy to commit identity fraud, conspiracy to launder monetary instruments, operating as an unlicensed money transmitting business, and unlawful employment of aliens. Didenko, the Facilitator The Justice department also named a Ukrainian national Oleksandr Didenko, 27, in the unsealed charges. Didenko allegedly run a multi-year scheme to create accounts at U.S.-based freelance IT job search platforms under false identities and sold these accounts to overseas IT workers. Remote workers used these false identities to apply for jobs with unsuspecting companies. To facilitate this fraudulent activity, Didenko hosted a website “UpWorkSell”, which advertised the ability for remote IT workers to buy or rent accounts on various platforms using identities other than their own. The complaint alleged that Didenko offered a full array of services to allow an individual to pose under a false identity and market themselves for remote IT work, and that he knew that some of his customers were North Korean. Didenko managed approximately 871 proxy identities, provided proxy accounts for three freelance IT hiring platforms and for three different money service transmitters, the complaint against Didenko said. Together with the co-conspirators, Didenko facilitated the operation of at least three U.S.-based “laptop farms,” hosting approximately 79 computers. The Justice Department said it raided four U.S. residences under Didenko’s control where he ran laptop farms. He also laundered $920,000 worth payments since July 2018 in the job fraud scheme. Didenko was arrested in Poland on May 7, and the State Department is seeking his extradition. The North Korean Trio The three North Korean workers "are linked to the DPRK’s Munitions Industry Department, which oversees the development of the DPRK’s ballistic missiles, weapons production, and research and development programs," the State Department said. The department said the workers tried to get hired at two unnamed U.S. government agencies but failed three separate times. Details about the three North Korean IT workers are scarce but the State Department released an image of Jiho Han on its Rewards for Justice platform where it also announced a bounty of up to $5 million for information on any of these North Korean IT workers that leads to the disruption of financial mechanisms of the people engaged. [caption id="attachment_68911" align="aligncenter" width="1024"] Credit: U.S. Department of State[/caption]   The FBI also released an alert about North Korean IT workers and their scheme to defraud U.S. businesses and fund Pyongyang’s illicit activities. Targeting of Illicit IT Worker Activities The latest announcement comes almost a year after the U.S. Treasury announced sanctions on four entities that employed thousands of North Korean IT workers that help illicitly finance the regime's missile and weapons of mass destruction programs. The treasury, at the time, said North Korea had scores of “highly skilled” IT workers around the globe who “generate revenue that contributes to its unlawful WMD and ballistic missile programs.” These individuals, who can earn up to $300,000 annually, “deliberately” obscure their identities, locations and nationalities, using proxy accounts, stolen identities and falsified or forged documentation to apply for jobs, the Treasury said. The 15-member United Nations Security Council has long prohibited North Korea from engaging in nuclear tests and ballistic missile launches. Since 2006, the country has been under stringent UN sanctions, continuously bolstered by the Council to sever financial support for its weapons of mass destruction (WMD) development endeavors. Yet, Pyongyang has amassed a staggering $3 billion funding for its nuclear program from cyberattacks particularly on cryptocurrency related companies. Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.

image for Nissan Cybersecurity ...

 Data Breach News

Following the massive Nissan data breach from November last year that exposed the Social Security numbers of thousands of former and current employees, the Japanese automaker has shared new updates on the cybersecurity incident.  In a new letter sent on May 15, 2024, Nissan shared details of the cyberattack, stating   show more ...

the incident has affected Nissan North America. The letter disclosed that a threat actor targeted the company's virtual private network, demanding payment. Nissan has not confirmed whether it acquiesced to the ransom demands. Nissan Data Breach Update: 53,000 Employees Affected Upon discovering the Nissan data breach, the Japanese automaker notified law enforcement and engaged cybersecurity experts to contain and neutralize the threat. The company also conducted an internal investigation, informing employees during a town hall meeting held in December 2023, a month after the Nissan cyberattack. To mitigate potential harm, Nissan is offering complimentary identity theft protection services for two years to those impacted by the breach. The company's positive response to safeguarding employee privacy is highlighted by these proactive measures. The official communication emphasized Nissan's dedication to reinforcing its security infrastructure and practices. Following the incident, the company has implemented additional security measures and enlisted cybersecurity specialists to conduct a thorough review, ensuring enhanced protection against future threats. Despite the Nissan breach, the automotive maker has not detected any instances of fraud or identity theft resulting from the incident. Nonetheless, as a precautionary measure, affected individuals are urged to take advantage of the complimentary credit monitoring services provided by Experian IdentityWorks. No Identity Fraud Detected “This is in addition to the employee benefit you may have elected with Nissan. These complimentary credit services are being provided to you for 24 months from the date of enrollment. Finally, Nissan is providing you with proactive fraud assistance to help with any questions you might have or if you become a victim of fraud. These services are provided by Experian, a company specializing in fraud assistance and remediation services”, said Nissan. To activate the identity protection service, recipients are instructed to enroll by a specified deadline and utilize the provided activation code. Additionally, individuals are encouraged to remain vigilant against potential fraud by monitoring their credit reports and promptly reporting any suspicious activity. Recipients are assured of assistance for 90 days from the letter's date in enrolling for the complimentary credit monitoring services. They are encouraged to contact the dedicated helpline at 833-931-6266, with the engagement number B120412 ready for reference.  Nissan highlights its commitment to employee welfare and the seriousness with which it regards the protection of personal information, expressing regret for any inconvenience caused by the incident. The letter concludes with signatures from Leon Martinez, Vice President of Human Resources, and William Orange, Vice President of IS/IT and Chief Information Officer. Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.

image for MediSecure Data Brea ...

 Data Breach News

A ransomware attack has compromised MediSecure, a leading Australian script provider facilitating electronic prescribing and dispensing of prescriptions. The MediSecure data breach was reported by the national cyber security coordinator — the healthcare provider believes that the breach stems from a third-party   show more ...

vendor. The Australian government, through its National Cyber Security Coordinator (NCSC), has shared updates on the MediSecure data breach, initiating a comprehensive investigation and a "whole-of-government response" to address the incident's ramifications.  Lieutenant General Michelle McGuinness, the national cyber security coordinator, confirmed MediSecure as the victim of this cyberattack in a statement on LinkedIn, describing it as a 'large-scale ransomware data breach incident.' Government Response to MediSecure Data Breach Authorities, including the Australian Signals Directorate’s Australian Cyber Security Centre (ACSC) and the Australian Federal Police (AFP), are actively engaged in probing the MediSecure data breach.  However, details remain scarce as investigators navigate the complexities of the incident. The absence of a known threat actor claiming responsibility further complicates the situation, heightening concerns about the sophistication of cyber threats targeting the healthcare sector.  Cyber Security Minister Clare O’Neil said the government was commited to address the breach, convening a National Coordination Mechanism to coordinate efforts and mitigate the breach's impact effectively. “I have been briefed on this incident in recent days, and the government convened a National Coordination Mechanism regarding this matter today,” Minister O’Neil said in a LinkedIn post. “Speculation at this stage risks undermining significant work underway to support the company's response,” O'Neil added. The Shadow Home Affairs and Cyber Security Minister James Paterson told Sky News in an interview that the latest breach was a reminder of the currently “dangerous” cyber threat landscape, especially for the health sector. Paterson said healthcare is a lucrative sector both for cybercriminals and nation-state actors. “Criminal actors like to use it for ransomware because the health sector is often vulnerable to those targets, and sometimes they do pay. And nation state backed actors use it as an opportunity to gather intelligence and information about us,” Paterson explained. Australia has been hit in the past few years by some of the largest data breaches in the form of Medibank and Optus data breaches, that impacted millions across Australia. The scope of the current breach is reportedly unlike the earlier ones, but it is still some of the most personally and privately significant information that exists about a person, Paterson said. “This is very distressing for Australians when it is released publicly. And it is important that the federal government get on top of this straight away and do whatever they can to stop the proliferation of this information online,” he added. MediSecure has taken proactive measures, including taking its website offline, as it works to contain the breach's fallout. In a statement, the company acknowledged the incident and stated, “We have taken immediate steps to mitigate any potential impact on our systems. While we continue to gather more information, early indicators suggest the incident originated from one of our third-party vendors”, reads the statement. The Cyber Express has reached out to MediSecure to learn more about this data breach. However, at the time of writing this, no official statement or response has been shared. The organization did share a statement on its website, stating “MediSecure understands the importance of transparency and will provide further updates via our website as soon as more information becomes available. We appreciate your patience and understanding during this time.” Cyberattacks on the Healthcare Sector This cyberattack on MediSecure echoes previous breaches in Australia's healthcare sector, including the 2022 data breach involving Medibank, which compromised the personal data of millions of Australians. In 2023, healthcare organizations globally faced an unprecedented wave of cyberattacks, affecting over 116 million individuals in the US alone, more than double the previous year's count.  Notable incidents include data breaches at Delta Dental of California, Fred Hutch Cancer Center, Norton Healthcare, and HCA Healthcare, among others. German hospitals also fell victim to ransomware attacks, disrupting medical services.  The European Union Agency for Cybersecurity reported that the majority of attacks targeted healthcare providers, with financial motives driving 83% of incidents. India witnessed a surge in cybercrime, with significant financial losses and high-profile attacks during the G20 summit.  The recurrence of such incidents highlights the persistent cybersecurity vulnerabilities plaguing the healthcare industry, necessitating comprehensive strategies to fortify defenses against evolving cyber threats. Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.

image for GhostSec Announces S ...

 Cybersecurity News

GhostSec, a threat actor group previously involved in financially motivated cybercrimes, announced a significant shift in their focus to depart from the cybercrime and ransomware operations to their original hacktivist aims. The announcement detailing GhostSec returns to hacktivism roots, would mark a notable change   show more ...

in the group's priorities and operational strategies, leading several to speculate that the stated departure comes after recent law enforcement efforts against international ransomware groups. The GhostSec group identifies itself as part of the Anonymous collective and is known to have been active in their operations since 2015. The group used hashtags such as #GhostSec or #GhostSecurity to promote their activities. The group was previously involved in the #OpISIS, #OpNigeria, and #OpIsrael campaigns. GhostSec Will Transfer Existing Ransomware Clients to Stormous In an announcement made on its Telegram channel, the GhostSec group stated that they had gathered sufficient funds from their ransomware operations to support other activities moving forward. Rather than completely abandoning their previous work, this transition includes transferring existing clients to the new Stormous locker by Stormous, a partner organization to whom they will also share the source code of the V3 Ghostlocker ransomware strain. [caption id="attachment_68783" align="alignnone" width="483"] Source: GhostSec Telegram Channel[/caption] They claim that these efforts will ensure a smooth transition to Stormous' services, while avoiding the exit scams or disruption risks typically associated with ransomware exits. Stormous will also take over GhostSec's associates within the Five Families collective, which previously consisted of GhostSec, ThreatSec, Stormous, BlackForums, and SiegedSec. While GhostSec will halt some of its earlier services, the group intends to maintain its private channel and chat room. The group announced a discount offer starting today and lasting until May 23rd for lifetime access to its private channel and chat room, reducing the price from $400 to $250. The group also suggested the possibility of offering a hacking course, although they are still debating the details. GhostSec Returns to Hacktivism The announcement expressed GhostSec's intentions to focus solely on hacktivism, a form of activism that employs hacking to promote social or politically driven agendas. GhostSec had a record of intense hacktivist operations and campaigns such as their successful efforts back in 2015 to taken down hundreds of ISIS-associated websites or social media accounts, reportedly halting potential terrorist attacks. The group used social media hashtags like #GhostSec, #GhostSecurity, or #OpISIS to promote their activities and participate in hacktivist initiatives against the terrorist group. GhostSec also promoted a project ("New Blood") to assist newcomers in picking up hacking skills to participate in their campaigns and provided resources to assist activists in anonymizing their identities such as WeFreeInternet, a project that sought to offer free VPN facilities to Iranian activists. The group had stated its intent to expand the project to support activists in similar circumstances who found their internet to be restricted by the governments worldwide. The official GhostSec Telegram channel where the announcement took place had been created on October 25, 2020, and the group is known to utilize its social media handles on various websites to promote its activities. It is important to note that the group's decision to depart from the cybercrime scene does not necessarily imply a shift towards more ethical practices. Furthermore, the group's involvement in financially motivated cybercrimes raises questions about their true motivations and the potential for their hacktivism to be used for personal gain or dubious political agenda rather than genuine social change. Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.

image for Josh Krueger of Proj ...

 Cybersecurity News

Josh Krueger, the Chief Information Security Officer at Project Hosts, Inc. has been appointed to the Federal Secure Cloud Advisory Committee (FSCAC). This prestigious committee plays a crucial role in advising the Federal Risk and Authorization Management Program (FedRAMP) on various aspects of cloud computing   show more ...

adoption and security. The FSCAC appointment recognizes Mr. Krueger's expertise and Project Hosts' ongoing efforts to support secure cloud-computing practices and compliance standards, benefiting users and providers of cloud services. The Federal Risk and Authorization Management Program (FedRAMP) is a government-wide compliance initiative in the United States that offers a standardized framework for security assessment, authorization, and continuous monitoring of cloud products and services. FSCAC Appointment Includes New Chair and Three Members Along with Josh Krueger's appointment, Lawrence Hale, the deputy assistant commissioner within the Office of Information Technology Category Management for GSA's Federal Acquisition Service, will serve as the new chair of the FSCAC. In this capacity, Hale will act as a liaison and spokesperson for the committee's work products, in addition to his oversight responsibilities. Josh Krueger, and Kayla Underkoffler, the lead security technologist of HackerOne, will fill the vacant seats. Krueger's term will run through July 9, 2026, while Underkoffler's term will end on May 14, 2025. Carlton Harris, the senior vice president of End to End Solutions, has been appointed as the third new member of the FSCAC, with a three-year term ending on May 14, 2027. While not among the recent appointees, Michael Vacirca, a senior engineering manager at Google, has been reappointed to the federal panel for a full three-year term after serving for one year. His term will conclude on May 14, 2027. As an appointed Representative Member of the FSCAC, Mr. Josh Krueger is expected to bring unique perspectives towards the delivery of FedRAMP's Compliance-as-a-Service solutions. The role at the committee will involve representing the needs and viewpoints of businesses both small and large in the cloud-computing industry, and ensuring their interests are considered in the federal discussions and strategies around cloud adoption. Responsibilities of the Federal Secure Cloud Advisory Committee The FSCAC was formed by the General Services Administration in February 2023, in compliance with the FedRAMP Authorization Act of 2022, which is part of the National Defense Authorization Act for fiscal year 2023. The committee's primary responsibilities include advising and providing recommendations to the GSA Administrator, the FedRAMP Board, and various agencies on technical, financial, programmatic, and operational matters related to the secure and effective adoption of cloud computing products and services across different sectors. The committee also plays a significant role in examining the operations of FedRAMP, seeking ways to continually improve authorization processes, and collecting information and feedback on agency compliance with the implementation of FedRAMP requirements. Additionally, the FSCAC serves as a forum for communication and collaboration among all stakeholders within the FedRAMP community. The FSCAC will hold an open meeting on May 20th to discuss its next priorities, which are expected to further enhance the security and adoption of cloud computing solutions across the federal government. Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.

image for How carmakers sell d ...

 Privacy

Early in the movie The Fifth Element, there is a sequence that shows the dystopian nature of the future world: Korben Dallass smart taxi fines him for a traffic violation and revokes his license. Back in 1997, this seemed like science fiction – and it was. Today its turning into reality. But first things first. Not   show more ...

so long ago, we looked at the potential dangers associated with the amount of data modern vehicles collect about their owners. Then, even more recently, an investigation revealed what this might mean in practice for drivers. It turns out that carmakers, through specialized data brokers, are already selling telematics data to insurance companies, who are using it to raise the cost of insurance for careless drivers. Most alarming of all, however, is that car owners are often kept in the dark about all of this. Lets investigate further. Gamification of safe driving with far-reaching consequences It all started in the US when owners of General Motors vehicles (parent company of the Chevrolet, Cadillac, GMC, and Buick brands) noticed a sharp rise in their auto insurance premiums compared to the previous period. The reason, it transpired, was the practice of risk profiling by data broker LexisNexis. LexisNexis works with auto insurers to supply them with driver information, usually about accidents and traffic fines. But vehicle owners hit by the premium hike had no history of accidents or dangerous driving! The profiles compiled by LexisNexis were found to contain detailed data on all trips made in the insured vehicle, including start and end times, duration, distance and, crucially, all instances of hard acceleration and braking. And it was this data that insurers were using to increase insurance premiums for less-than-perfect drivers. Where did the data broker get such detailed information? From General Motors OnStar Smart Driver. That is the name of the safe driving gamification feature built into General Motors vehicles and the myChevrolet, myCadillac, myGMC, and myBuick mobile apps. The feature tracks hard acceleration and braking, speeding, and other dangerous events, and rewards good driving with virtual awards. The OnStar Smart Driver safe driving gamification feature is built into myChevrolet, myCadillac, myGMC, and myBuick mobile apps by General Motors. Source Whats more, according to some car owners, they didnt enable the feature themselves – the car dealer did it for them. Crucially, neither General Motors apps nor the terms of use explicitly warned users that OnStar Smart Driver data would be shared with insurance-related data brokers. This lack of transparency extended to the privacy statement on the OnStar website. While the statement mentions the possibility of sharing collected data with third parties, insurers are not specifically listed, and the text generally aims for maximum vagueness. Along the way, LexisNexis was discovered to be working with three other automakers besides General Motors – Kia, Mitsubishi, and Subaru – all of which have similar safe driving gamification programs under names like Driving Score or Driver Feedback. According to the LexisNexis website, the companies that work with the data broker include General Motors, Kia, Mitsubishi, and Subaru. Source At the same time, another data broker – Verisk – was found to be providing telematics data to car insurers. Its automotive clients include General Motors, Honda, Hyundai, and Ford. Another broker, Verisk, lists General Motors, Honda, Hyundai, and Ford in its telematics sales service description. Source As a result, many drivers found themselves, in effect, locked into a car insurance policy with costs based on driving habits. Its just that such programs used to be voluntary, offering a basic discount for participation – and even then, most drivers opted out. Now it appears that carmakers are enrolling customers not only without their consent, but without their knowledge. According to available information, this is currently only happening to drivers in the US. But what starts in the States usually migrates, so similar practices may soon appear in other regions. How to protect yourself from data-hungry cars Unfortunately, there is no silver bullet to stop your automobile from harvesting data. Most new vehicles already come with built-in telematics collection as standard. And the number is only going to grow so that in a year or two these cars will make up more than 90% of the market. Naturally, the maker of your car wont make it easy or even possible to turn off telematics. If youre ready to consider the factor of your car collecting data on you for third parties (or, in simple words, spying), then read our post with detailed tips on how you can try to get rid of surveillance by carmakers. Spoiler alert: its not easy and requires careful study of the documentation, as well as sacrificing some of the benefits of connected cars, so these tips wont work for everyone. As for the scenario described in this post of selling driver data to insurers, our advice is to search the in-vehicle menu and mobile app for a safe driving gamification feature and disable it. It may be called Smart Driver, Driving Score, Driver Feedback, or something similar. US-based drivers are also advised to request their data from LexisNexis and Verisk to be prepared for nasty surprises, and to see if its possible to delete information that has already been collected.

image for Spotlight Podcast: C ...

 Business

In this Spotlight Podcast, host Paul Roberts talks with Chris Walcutt, the CSO of DirectDefense about the rising cyber threats facing operational technology (OT) and how organizations that manage OT - including critical infrastructure owners can best manage increased cyber risks to OT environments. The post Spotlight   show more ...

Podcast: CSO Chris Walcutt on...Read the whole entry... » Click the icon below to listen. Related StoriesCiting Attacks On Small Utilities, Dragos Launches Community Defense ProgramFBI: Iranian APT Targets Israeli-Made PLCs Used In Critical IndustriesChina Calls Out U.S. For Hacking. The Proof? TBD!

 Incident Response, Learnings

The FBI and the DOJ have seized control of the BreachForums hacking forum, which was a marketplace for cybercriminals to buy, sell, and trade stolen data and other illegal services, and are now investigating the forum and its admins.

 Identity Theft, Fraud, Scams

Scammers exploit Instagram's influencer program to hijack users' accounts by hacking into them, posting about cryptocurrencies, and then tricking victims into providing their login credentials to "vote" for the scammer's fake influencer contest.

 Malware and Vulnerabilities

Google has released an emergency security update for Chrome to address the third zero-day vulnerability exploited in attacks within a week, highlighting the ongoing challenges in securing the popular web browser against sophisticated cyber threats.

 Trends, Reports, Analysis

Russia-linked APT groups pose a significant threat to OT environments, as demonstrated by their recent attacks targeting critical infrastructure in Ukraine and its allies, with the potential for further disruption and long-term espionage operations.

 Companies to Watch

LogRhythm, a leading SIEM (Security Information and Event Management) company, is merging with Exabeam, another prominent SIEM player, in a move that aims to create a stronger, AI-driven security operations leader in the market.

 Malware and Vulnerabilities

Cybersecurity researchers have discovered a concerning trend of PDF exploitation targeting users of Foxit Reader, a popular PDF software, with sophisticated attack chains and malware families being utilized in real-world scenarios.

 Malware and Vulnerabilities

Researchers identified 11 security flaws in certain GE HealthCare ultrasound devices, including the Invenia ABUS 2.0, that could allow malicious actors with physical access to the devices to implant ransomware or access and manipulate patient data.

 Mobile Security

Apple and Google have joined forces to develop an industry specification that will allow users across iOS and Android to be alerted if a Bluetooth tracking device is being used to unknowingly track their location.

 Security Products & Services

Google is adding new anti-theft and data protection features for Android, including AI-powered screen locks, remote locking, and improved factory reset protection to secure users' data if devices are lost or stolen.

 Feed

Wireshark is a GTK+-based network protocol analyzer that lets you capture and interactively browse the contents of network frames. The goal of the project is to create a commercial-quality analyzer for Unix and Win32 and to give Wireshark features that are missing from closed-source sniffers. This is the source code release.

 Feed

PacketFence is a network access control (NAC) system. It is actively maintained and has been deployed in numerous large-scale institutions. It can be used to effectively secure networks, from small to very large heterogeneous networks. PacketFence provides NAC-oriented features such as registration of new network   show more ...

devices, detection of abnormal network activities including from remote snort sensors, isolation of problematic devices, remediation through a captive portal, and registration-based and scheduled vulnerability scans.

 Feed

Sippts is a set of tools to audit VoIP servers and devices using SIP protocol. It is programmed in Python script and it allows us to check the security of a VoIP server using SIP protocol, over UDP, TCP and TLS protocols.

 Feed

Debian Linux Security Advisory 5692-1 - Multiple security issues were discovered in Ghostscript, the GPL PostScript/PDF interpreter, which could result in denial of service and potentially the execution of arbitrary code if malformed document files are processed.

 Feed

Debian Linux Security Advisory 5691-1 - Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code or clickjacking.

 Feed

Debian Linux Security Advisory 5689-1 - A security issue was discovered in Chromium, which could result in the execution of arbitrary code, denial of service or information disclosure. Google is aware that an exploit for CVE-2024-4761 exists in the wild.

 Feed

Debian Linux Security Advisory 5690-1 - Amel Bouziane-Leblond discovered that LibreOffice's support for binding scripts to click events on graphics could result in unchecked script execution.

 Feed

Ubuntu Security Notice 6766-2 - It was discovered that the Open vSwitch implementation in the Linux kernel could overflow its stack during recursive action operations under certain conditions. A local attacker could use this to cause a denial of service. Sander Wiebing, Alvise de Faveri Tron, Herbert Bos, and   show more ...

Cristiano Giuffrida discovered that the Linux kernel mitigations for the initial Branch History Injection vulnerability were insufficient for Intel processors. A local attacker could potentially use this to expose sensitive information.

 Feed

Red Hat Security Advisory 2024-2852-03 - An update for Red Hat Build of Apache Camel 4.0 for Quarkus 3.2 update is now available. The purpose of this text-only errata is to inform you about the enhancements that improve your developer experience and ensure the security and stability of your products. Issues addressed include a server-side request forgery vulnerability.

 Feed

Red Hat Security Advisory 2024-2853-03 - An update for the nodejs:20 module is now available for Red Hat Enterprise Linux 9. Issues addressed include HTTP request smuggling, denial of service, and out of bounds read vulnerabilities.

 Feed

Red Hat Security Advisory 2024-2773-03 - Red Hat OpenShift Container Platform release 4.15.13 is now available with updates to packages and images that fix several bugs and add enhancements. Issues addressed include a denial of service vulnerability.

 Feed

The Microsoft Threat Intelligence team said it has observed a threat it tracks under the name Storm-1811 abusing the client management tool Quick Assist to target users in social engineering attacks. "Storm-1811 is a financially motivated cybercriminal group known to deploy Black Basta ransomware," the company said in a report published on May 15, 2024. The

 Feed

Google has rolled out fixes to address a set of nine security issues in its Chrome browser, including a new zero-day that has been exploited in the wild. Assigned the CVE identifier CVE-2024-4947, the vulnerability relates to a type confusion bug in the V8 JavaScript and WebAssembly engine. It was reported by Kaspersky researchers Vasily Berdnikov and Boris

 Feed

Security researchers have disclosed almost a dozen security flaws impacting the GE HealthCare Vivid Ultrasound product family that could be exploited by malicious actors to tamper with patient data and even install ransomware under certain circumstances. "The impacts enabled by these flaws are manifold: from the implant of ransomware on the ultrasound machine to the access and manipulation of

 Feed

Researchers have discovered a new security vulnerability stemming from a design flaw in the IEEE 802.11 Wi-Fi standard that tricks victims into connecting to a less secure wireless network and eavesdrop on their network traffic. The SSID Confusion attack, tracked as CVE-2023-52424, impacts all operating systems and Wi-Fi clients, including home and mesh networks that are based on

 Feed

The North Korea-linked Kimsuky hacking group has been attributed to a new social engineering attack that employs fictitious Facebook accounts to targets via Messenger and ultimately delivers malware. "The threat actor created a Facebook account with a fake identity disguised as a public official working in the North Korean human rights field," South Korean cybersecurity company Genians

 Data loss

Remember when a US mother was accused of distributing explicit deepfake photos and videos to try to get her teenage daughter's cheerleading rivals kicked off the team? Well, there has been a surprising development. And learn how cybercriminals have been stealing boomers' one-time-passcodes via a secretive   show more ...

online service. All this and more is discussed in the latest edition of the award-winning "Smashing Security" podcast by cybersecurity veterans Graham Cluley and Carole Theriault.

 Cloud Security

Source: www.techrepublic.com – Author: Nicole Rennolds We may earn from vendors via affiliate links or sponsorships. This might affect product placement on our site, but not the content of our reviews. See our Terms of Use for details. Trying to configure or set up a VPN on your Android? Learn how to get   show more ...

started with […] La entrada How to Set Up & Use a VPN on Android (A Step-by-Step Guide) – Source: www.techrepublic.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

Source: www.techrepublic.com – Author: The negative press, coupled with YouTube horror stories, has cemented the Dark Web’s reputation for illicit behavior. Today, the Dark Web is believed to be a platform where cybercriminals sell drugs, weapons, malicious software and piles of consumer and sensitive   show more ...

corporate data. But is the Dark Web just filled with darkness? […] La entrada What Is the Dark Web? – Source: www.techrepublic.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

Source: www.techrepublic.com – Author: The way software is developed has changed. DevSecOps is transforming the industry by incorporating security from the early stages and automating traditional processes to build better, faster and more secure software. Ray Fernandez, writing for TechRepublic Premium,   show more ...

presents this DevSecOps glossary to help you navigate the modern world of software development […] La entrada Quick Glossary: DevSecOps – Source: www.techrepublic.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

Source: thehackernews.com – Author: . May 16, 2024NewsroomRansomware / Incident Response The Microsoft Threat Intelligence team said it has observed a threat it tracks under the name Storm-1811 abusing the client management tool Quick Assist to target users in social engineering attacks. “Storm-1811   show more ...

is a financially motivated cybercriminal group known to deploy Black Basta ransomware,” […] La entrada Cybercriminals Exploiting Microsoft’s Quick Assist Feature in Ransomware Attacks – Source:thehackernews.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

Source: thehackernews.com – Author: . May 16, 2024NewsroomBrowser Security / Vulnerability Google has rolled out fixes to address a set of nine security issues in its Chrome browser, including a new zero-day that has been exploited in the wild. Assigned the CVE identifier CVE-2024-4947, the vulnerability   show more ...

relates to a type confusion bug in the V8 […] La entrada Google Patches Yet Another Actively Exploited Chrome Zero-Day Vulnerability – Source:thehackernews.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

Source: www.darkreading.com – Author: Jai Vijayan, Contributing Writer Source: Pawel Michalowski via Shutterstock Researchers at Belgium’s KU Leuven discovered a fundamental design flaw in the IEEE 802.11 Wi-Fi standard that gives attackers a way to trick victims into connecting with a less secure   show more ...

wireless network than the one to which they intended to connect. Such […] La entrada Flaw in Wi-Fi Standard Can Enable SSID Confusion Attacks – Source: www.darkreading.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

Source: www.darkreading.com – Author: PRESS RELEASE SANTA CLARA, Calif. and ARMONK, N.Y., May 15, 2024 /PRNewswire/ — Palo Alto Networks (NASDAQ: PANW), the global cybersecurity leader, and IBM (NYSE: IBM), a leading provider of hybrid cloud and AI, today announced a broad-reaching partnership to   show more ...

deliver AI-powered security outcomes for customers. The announcement is a testament to Palo Alto Networks’ and IBM’s commitment […] La entrada Palo Alto Networks and IBM to Jointly Provide AI-Powered Security Offerings – Source: www.darkreading.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

 Breach

Source: www.darkreading.com – Author: PRESS RELEASE WILLOW GROVE, Pa., May 14, 2024 /PRNewswire/ — On or around February 6, 2024, Hypertension-Nephrology Associates, P.C. (“the Practice”) became aware it was the target of an extortion attack when an extortion note was found on its computer   show more ...

system. Upon discovery of the extortion note, the Practice took immediate action including engaging cybersecurity […] La entrada Notice of a Data Breach – Source: www.darkreading.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

Source: www.darkreading.com – Author: PRESS RELEASE SAN JOSE, CA – May 15, 2024 – Alkira®, the leader in on-demand network infrastructure as-a-service, today announced the closing of a $100 million Series C funding round, bringing the company’s total funding raised to date to $176 million. The   show more ...

round was led by Tiger Global Management, a leading global investment […] La entrada Alkira Raises $100M in Series C Funding to Simplify, Secure and Scale Critical Network Infrastructure – Source: www.darkreading.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

Source: www.darkreading.com – Author: Nate Nelson, Contributing Writer Source: Andrea Danti via Alamy Stock Photo Phishing emails mimicking DocuSign are rising, thanks to a thriving underground marketplace for fake templates and login credentials. Over the past month, researchers from Abnormal Security claim to   show more ...

have tracked a significant increase in phishing attacks designed to mimic legitimate […] La entrada Scammers Fake DocuSign Templates to Blackmail & Steal From Companies – Source: www.darkreading.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

 BreachForums

Source: www.darkreading.com – Author: Dark Reading Staff 1 Min Read Source: Convery flowers via Alamy Stock Photo On the morning of May 15, the FBI seized BreachForums’ hacking forum, as well as its Telegram channel. The website is now displaying a message alerting visitors that it has been taken down by   show more ...

the FBI and US […] La entrada FBI, DoJ Shut Down BreachForums, Launch Investigation – Source: www.darkreading.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

Source: www.darkreading.com – Author: Elizabeth Montalbano, Contributing Writer Source: KsanderDN via Shutterstock Researchers have released an exploit for a zero-day security flaw in a family of D-Link routers that can allow attackers to take over devices and execute commands with root privileges. The SSD   show more ...

Secure Disclosure team of researchers released a proof-of-concept exploit for a […] La entrada D-Link Routers Vulnerable to Takeover Via Exploit for Zero-Day – Source: www.darkreading.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

Source: www.darkreading.com – Author: Matan Getz Matan Getz, CEO & Co-Founder, Aim Security May 15, 2024 5 Min Read Source: marcos alvarado via Alamy Stock Photo COMMENTARY We are now deep in the age of artificial intelligence (AI). Much more than a passing trend, this transformative technology is set to   show more ...

fundamentally alter the way we do […] La entrada 3 Tips for Becoming the Champion of Your Organization’s AI Committee – Source: www.darkreading.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

 BLEEPINGCOMPUTER

Source: www.bleepingcomputer.com – Author: Sergiu Gatlan ​Google has released a new emergency Chrome security update to address the third zero-day vulnerability exploited in attacks within a week. “Google is aware that an exploit for CVE-2024-4947 exists in the wild,” the search giant said in a   show more ...

security advisory published on Wednesday. The high-severity zero-day vulnerability (CVE-2024-4947) […] La entrada Google fixes third actively exploited Chrome zero-day in a week – Source: www.bleepingcomputer.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

 BLEEPINGCOMPUTER

Source: www.bleepingcomputer.com – Author: Sergiu Gatlan ​Google is introducing multiple anti-theft and data protection features later this year, some available only for Android 15+ devices, while others will roll out to billions of devices running Android 10 and later. To protect your personal and sensitive   show more ...

data if your device is stolen or lost, a new […] La entrada Android to add new anti-theft and data protection features – Source: www.bleepingcomputer.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

 BLEEPINGCOMPUTER

Source: www.bleepingcomputer.com – Author: Lawrence Abrams Today, Google announced new security features coming to Android 15 and Google Play Protect that will help block scams, fraud, and malware apps on users’ devices. Announced at Google I/O 2024, the new features are designed not only to help   show more ...

end users but also to warn developers when their apps have been tampered with. “Today, we’re announcing […] La entrada Android 15, Google Play Protect get new anti-malware and anti-fraud features – Source: www.bleepingcomputer.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

 BLEEPINGCOMPUTER

Source: www.bleepingcomputer.com – Author: Bill Toulas Nissan North America (Nissan) suffered a data breach last year when a threat actor targeted the company’s external VPN and shut down systems to receive a ransom. The car maker discovered the breach in early November 2023 and discovered recently that   show more ...

the incident exposed personal data belonging to more […] La entrada Nissan North America data breach impacts over 53,000 employees – Source: www.bleepingcomputer.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

 BLEEPINGCOMPUTER

Source: www.bleepingcomputer.com – Author: Sergiu Gatlan ​The U.S. Department of Justice has indicted two brothers for allegedly manipulating the Ethereum blockchain and stealing $25 million worth of cryptocurrency within approximately 12 seconds in a “first-of-its-kind” scheme. Anton   show more ...

Peraire-Bueno and James Pepaire-Bueno were arrested in Boston and New York on Tuesday on charges of wire fraud […] La entrada Brothers arrested for $25 million theft in Ethereum blockchain attack – Source: www.bleepingcomputer.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

 Apple

Source: www.bleepingcomputer.com – Author: Bill Toulas Apple’s antifraud technology has blocked more than $7 billion in potentially fraudulent transactions in four years, the company states in its latest annual fraud prevention analysis. From 2020 through 2023, the company also detected more than 14   show more ...

million stolen cards and blocked them from transacting on its platform along with […] La entrada Apple blocked $7 billion in fraudulent App Store purchases in 4 years – Source: www.bleepingcomputer.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

 BLEEPINGCOMPUTER

Source: www.bleepingcomputer.com – Author: Sergiu Gatlan ​Financially motivated cybercriminals abuse the Windows Quick Assist feature in social engineering attacks to deploy Black Basta ransomware payloads on victims’ networks. Microsoft has been investigating this campaign since at least mid-April   show more ...

2024, and, as they observed, the threat group (tracked as Storm-1811) started their attacks by email bombing […] La entrada Windows Quick Assist abused in Black Basta ransomware attacks – Source: www.bleepingcomputer.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

Source: www.infosecurity-magazine.com – Author: 1 UK organizations are trailing their European counterparts on time to remediate software flaws in the US Known Exploited Vulnerability (KEV) catalog, according to a new report from Bitsight. The security vendor reviewed the security posture of 1.4 million   show more ...

entities, excluding cloud and other service providers, to compile its report, A […] La entrada UK Lags Europe on Exploited Vulnerability Remediation – Source: www.infosecurity-magazine.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

 BreachForums

Source: www.infosecurity-magazine.com – Author: 1 The US authorities appear to have disrupted a notorious hacking forum, just days after a threat actor advertised data stolen from Europol on the site. Although there’s no official word on the action yet, screenshots posted to X (formerly Twitter) show a   show more ...

takedown notice featuring the logos of the FBI, […] La entrada BreachForums Hacking Marketplace Taken Down Again – Source: www.infosecurity-magazine.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

 Breaking News

Source: securityaffairs.com – Author: Pierluigi Paganini Santander: a data breach at a third-party provider impacted customers and employees The Spanish bank Santander disclosed a data breach at a third-party provider that impacted customers in Chile, Spain, and Uruguay. The Spanish financial institution   show more ...

Santander revealed a data breach involving a third-party provider that affected customers in […] La entrada Santander: a data breach at a third-party provider impacted customers and employees – Source: securityaffairs.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

2024-05
Aggregator history
Thursday, May 16
WED
THU
FRI
SAT
SUN
MON
TUE
MayJuneJuly