Cyber security aggregate rss news

Cyber security aggregator - feeds history

image for RATs Control: Combat ...

 Firewall Daily

By Riyaz Tambe, Senior Director, Sales Engineering, India, Zscaler

In today’s landscape, saying that cyberattacks are rising exponentially in number and sophistication is like saying that the earth revolves around the sun. While this is an obvious statement, it is still the reality that most IT security teams have to contend with day-in, day-out. According to the ThreatLabz State of Encrypted Attacks 2023 report, APAC alone saw a 46 percent rise in encrypted attack hits – with India observing a 27 percent increase from the previous year.

While ransomware and malware often grab headlines, Remote Access Trojans (RATs) have been quietly lurking in the background, proving to be a significant threat to organizations globally and in India. In contrast to ransomware, which primarily aims for financial gains by encrypting systems and extorting a ransom, RATs grant attackers full authority over compromised devices. This grants them access to retrieve sensitive data like user credentials, passwords, and financial information.

Additionally, these malicious tools empower attackers to monitor online activities, collect browsing histories, intercept emails and chat records, and even commandeer webcams for invasive surveillance. This covert infiltration poses a substantial risk to individuals, organizations, and national security, necessitating urgent attention.

Releasing Remote Access Trojans (RATs) into the Wild

Remote Access Trojan (RAT) attacks often involve the deception of users through the distribution of malicious software disguised as legitimate applications. A recent example of this tactic was observed by ThreatLabz in December 2023. In this case, threat actors created fraudulent websites that mimicked well-known video conferencing platforms like Skype, Google Meet, and Zoom, aiming to distribute Remote Access Trojans to unsuspecting users. These websites, hosted on the same IP address and designed in Russian, were specifically crafted to trick users into downloading malicious files.

The attackers constructed fake websites that closely resembled legitimate platforms, complete with URLs that closely resembled authentic meeting links. When users visited these fraudulent sites, they were prompted to download files, such as APKs for Android or BATs for Windows. Once these files were downloaded or opened, they initiated the installation of malicious files disguised as legitimate applications, thereby setting up Remote Access Trojan software.

By utilizing these RATs, attackers gain complete control over compromised devices, enabling them to access sensitive information, monitor activities, and potentially engage in malicious actions such as data theft and keystroke logging.

India has been a prime target for RAT campaigns, with instances like the notorious APT36 group, which specifically targets individuals associated with military or political affiliations in India and Pakistan, utilizing RATs extensively. Another notable example is CapraRAT, a modified version of the open-source RAT called AndroRAT. This malware possesses various data exfiltration capabilities, enabling it to gather sensitive information such as the victims' locations, phone call history, and contact details.

Pest Control: Getting Rid of Remote Access Trojans (RATs)

With the adoption of hybrid work models in India, the increased reliance on online meeting platforms has created an ideal environment for cybercriminals utilizing Remote Access Trojans. It is crucial to comprehend the nature of these malicious tools, as they provide attackers with unfettered control over compromised devices, facilitating the theft of sensitive data such as credentials, financial information, and the ability to monitor online activities.

As the reliance on online meeting platforms in India is increasing, here are some steps individuals and organizations can take to stay safe:

Promoting security awareness and training: Organizations should prioritize conducting cybersecurity awareness programs to educate employees and users on the risks associated with downloading unfamiliar applications or files. This includes raising awareness about the dangers of phishing scams and social engineering tactics.

Adopting the Zero Trust security model: Embracing the Zero Trust model can strengthen an organization's resilience against RAT attacks. This approach emphasizes identity verification, reduces the attack surface, and enhances incident response capabilities.

Implementing network security measures: Deploying robust network security measures, such as endpoint protection and web filtering, can effectively detect and block malicious activities.

Developing incident response plans: Organizations should establish comprehensive incident response plans to promptly address and mitigate the impact of potential security incidents.

Maintaining software updates: Regularly updating operating systems, applications, and security software is crucial to address vulnerabilities and patch security holes.

By comprehending the risks associated with Remote Access Trojans and implementing a multi-layered approach that incorporates technical safeguards, individuals and organizations can bolster their cybersecurity defenses. This is essential in protecting digital assets, organizational interests, and national security from significant breaches.

In conclusion, maintaining vigilance and exercising caution while online, particularly when encountering unfamiliar websites or download prompts, is of utmost importance. Always verify the URL before clicking on any download buttons and refrain from downloading software from untrusted sources. These practices can help safeguard against falling victim to RAT attacks.

Disclaimer: The views and opinions expressed in this guest post are solely those of the author(s) and do not necessarily reflect the official policy or position of The Cyber Express. Any content provided by the author is of their opinion and is not intended to malign any religion, ethnic group, club, organization, company, individual, or anyone or anything.

image for Generative AI’s Ga ...

 Firewall Daily

By Sachin Panicker, Chief AI Officer, Fulcrum Digital

Over the past year, Generative AI has gained prominence in discussions around Artificial Intelligence due to the emergence of advanced large multimodal models such as OpenAI's GPT-4, Google’s Gemini 1.5 Pro etc. Across verticals, organizations have been actively exploring Generative AI applications for their business functions. The excitement around the technology, and its vast untapped potential, is reflected in a prediction by Bloomberg that Generative AI will become a USD 1.3 trillion market by 2032.

Insurance is one of the key sectors where Generative AI is expected to have a revolutionary impact – enhancing operational efficiency and service delivery and elevating customer experience. From automating claims processing to predictive risk assessments, let us take a deeper look at some of the Generative AI use cases that will redefine InsurTech in the years ahead.

Automated and Efficient Claims Settlement

Lengthy and complex claims settlement processes have long been a pain point for insurance customers. Generative AI addresses this by streamlining the claims process through seamless automation. AI analyzes images or other visual data to generate damage assessments. It can extract and analyze relevant information from documents such as invoices, medical records, and insurance policies – enabling it to swiftly determine the validity of the claim, as well as the coverage, and expedite the settlement. This serves to improve process efficiency, reduce the administrative burden on staff, and significantly boost customer satisfaction.

Optimized Underwriting and Streamlining Risk Assessment

Underwriting is another key area where this technology can create immense value for insurance firms. With their ability to analyze vast amounts of data, Generative AI models build comprehensive risk assessment frameworks that enable them to swiftly identify patterns and highlight potential risks. It automates evaluation of a policy applicant’s data, including medical and financial records submitted, in order to determine the appropriate coverage and premium. Leveraging AI, underwriters are empowered to better assess risks and make more informed decisions. By reducing manual effort, minimizing the possibility of human error, and ensuring both accuracy and consistency in risk assessment, Generative AI is poised to play a pivotal role in optimizing underwriting processes.

Empowering Predictive Risk Assessment

Generative AI’s ability to process and analyze complex data is immensely valuable in terms of building capabilities for predictive risk assessment. Analyzing real-time and historical data, and identifying emerging patterns and trends, the technology enables insurers to develop more sophisticated models of risk assessment that factor in a wide range of parameters – past consumer behavior, economic indicators, and weather patterns, to name a few. These models allow insurers to assess the probability of specific claims, for instance, those related to property damage, or automobile accidents. Moreover, the predictive capabilities of Generative AI help insurers offer more tailored coverage and align their pricing strategies with a dynamic environment.

The ongoing risk monitoring and early detection of potential issues that the technology facilitates can also prove highly effective when it comes to fraud prevention. Through continuous analysis of data streams, AI identifies subtle changes and anomalous patterns that might be indicative of fraudulent activity. This empowers insurers to take proactive measures to identify possible fraudsters, prevent fraud, and mitigate potential losses. The robust predictive risk assessment capabilities offered by Generative AI thus serve to strengthen insurers’ business models, secure their services against fraud and other risks, and enhance customer trust and confidence in the coverage provided.

Unlocking Personalized Customer Service

In a digitally driven world, personalization has emerged as a powerful tool to effectively engage customers and elevate their overall experience. By analyzing vast amounts of consumer data, including interactions across the insurer’s digital touchpoints, Generative AI gains insights into consumer behavior and preferences, which in turn enables it to personalize future customer service interactions. For instance, by analyzing customer profiles, historical data, and various other factors, AI can make personalized policy recommendations, tailored to an individual customer’s specific needs, circumstances, and risk profile.

Simulating human-like conversation with near-perfection, Generative AI can also engage with customers across an insurer’s support channels, resolving queries and providing guidance or making recommendations based on their requirements. The personal touch that Generative AI brings to customer engagement, as compared to other more impersonal digital interfaces, coupled with the valuable tailored insights and offerings they provide, will go a long way towards helping insurers build long-term relationships with policyholders.

Charting a Responsible Course with Generative AI in Insurance

The outlook for Generative AI across sectors looks bright, and insurance is no exception to the trend. Insurance firms that embrace the technology, and effectively integrate it into their operations, will certainly gain a significant competitive advantage through providing innovative solutions, streamlining processes, and maximizing customer satisfaction. This optimism however must be tempered with an acknowledgment of concerns by industry stakeholders, and the public at large, around data privacy and the ethics of AI-driven decision-making. Given that insurance is a sector heavily reliant on sustained consumer trust, it is essential for leaders to address these concerns and chart a course towards responsible AI adoption, in order to truly reap the benefits of the technology and usher in a bold new era of InsurTech.

image for Beware of the Antido ...

 Firewall Daily

The Antidot Android banking trojan is a new threat on the surface web, disguising itself as a Google Play update, targeting Android users worldwide. The Android banking trojan is a stealthy malware strategically designed to infiltrate devices, harvest sensitive information, and wreak havoc across diverse language-speaking regions.

Revealed by cybersecurity experts at Cyble Research and Intelligence Labs (CRIL), the Antidot banking trojan represents a sophisticated evolution in mobile malware. Unlike its predecessors, Antidot employs a range of malicious tactics, including overlay attacks, keylogging, and VNC features, to compromise devices and extract valuable data.

Decoding the Antidot Android Banking Trojan Campaign

At its core, Antidot masquerades as a legitimate Google Play update application, luring unsuspecting users into its trap. Upon installation, it presents counterfeit Google Play update pages meticulously crafted in various languages, including German, French, Spanish, Russian, Portuguese, Romanian, and English. This strategic approach indicates a broad spectrum of targets, spanning multiple regions and demographics.

Behind its deceptive façade, Antidot operates with alarming sophistication. Leveraging overlay attacks as its primary modus operandi, the Trojan seamlessly overlays phishing pages onto legitimate applications, capturing sensitive credentials without the user's knowledge. Additionally, Antidot integrates keylogging functionality, surreptitiously recording keystrokes to further enhance its data harvesting capabilities.

Sophisticated Communication and Control (C&C) Server

Antidot maintains a stealthy line of communication with its Command and Control (C&C) server, facilitating real-time interaction for executing commands and transmitting stolen data. Through WebSocket communication, the malware establishes bidirectional connections, enabling seamless coordination between the infected devices and the malicious actors behind the scenes.

One of Antidot's most insidious features is its implementation of VNC (Virtual Network Computing), enabling remote control of infected devices. By leveraging the MediaProjection feature, the Trojan captures and transmits display content to the C&C server, allowing attackers to remotely execute commands and manipulate device functions.

To combat the growing threat posed by Antidot and similar Android banking trojans, cybersecurity experts from Cyble recommend adhering to essential best practices. These include downloading software from official app stores like Google Play or the iOS App Store. Users can also utilize reputable antivirus and internet security software on all connected devices. Other precautionary methods include enforcing strong passwords and enabling multi-factor authentication whenever possible. Exercise caution when clicking on links received via SMS or email. Keep devices, operating systems, and applications up to date to mitigate potential vulnerabilities.

Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.

 Feed

The threat actors behind the Windows-based Grandoreiro banking trojan have returned in a global campaign since March 2024 following a law enforcement takedown in January. The large-scale phishing attacks, likely facilitated by other cybercriminals via a malware-as-a-service (MaaS) model, target over 1,500 banks across the world, spanning more than 60 countries in Central and South

 Feed

The U.S. Department of Justice (DoJ) has charged two arrested Chinese nationals for allegedly orchestrating a pig butchering scam that laundered at least $73 million from victims through shell companies. The individuals, Daren Li, 41, and Yicheng Zhang, 38, were arrested in Atlanta and Los Angeles on April 12 and May 16, respectively. The foreign nationals have been "charged for leading a scheme

 cyber

Source: www.darkreading.com – Author: Rex Booth. COMMENTARY: The unfortunate truth is, if you’re looking for an entry-level position in the cybersecurity field, there aren’t many on-ramps. The wide-ranging security certification bodies and training organizations that dominate the industry have convinced many — maybe even most […] The post There Is No Cyber Labor Shortage – Source: www.darkreading.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

 Chinese

Source: thehackernews.com – Author: . The U.S. Department of Justice (DoJ) has charged two arrested Chinese nationals for allegedly orchestrating a pig butchering scam that laundered at least $73 million from victims through shell companies. The individuals, Daren Li, 41, and Yicheng Zhang, 38, were arrested in Atlanta and Los Angeles on April 12 and […] The post Chinese Nationals Arrested for Laundering $73 Million in Pig Butchering Crypto Scam – Source: thehackernews.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

 Banking

Source: thehackernews.com – Author: . May 19, 2024, Newsroom, Banking Trojan / Email Security. The threat actors behind the Windows-based Grandoreiro banking trojan have returned in a global campaign since March 2024 following a law enforcement takedown in January. The large-scale phishing attacks, likely facilitated by other cybercriminals via a malware-as-a-service (MaaS) model, target over 1,500 banks […] The post Grandoreiro Banking Trojan Resurfaces, Targeting Over 1,500 Banks Worldwide – Source: thehackernews.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

 BLEEPINGCOMPUTER

Source: www.bleepingcomputer.com – Author: Bill Toulas. The banking trojan “Grandoreiro” is spreading in a large-scale phishing campaign in over 60 countries, targeting customer accounts of roughly 1,500 banks. In January 2024, an international law enforcement operation involving Brazil, Spain, Interpol, ESET, and Caixa Bank announced the disruption of the malware operation, which had been targeting Spanish-speaking countries since 2017 […] The post Banking malware Grandoreiro returns after police disruption – Source: www.bleepingcomputer.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

Source: securityboulevard.com – Author: Lohrmann on Cybersecurity. The dramatic growth in GenAI and AI adoption is bringing increased demand for energy to power data centers. Where is this heading? How can we navigate a sustainable energy future with exploding technology usage? May 19, 2024 • Dan Lohrmann. As generative AI surges in popularity in almost […] The post AI’s Energy Appetite: Challenges for Our Future Electricity Supply – Source: securityboulevard.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

Source: securityboulevard.com – Author: Marc Handelman. USENIX Security ’23 – Controlled Data Races In Enclaves: Attacks And Detection, by Marc Handelman on May 18, 2024. Authors/Presenters: Sanchuan Chen, Zhiqiang Lin, Yinqian Zhang. Many thanks to USENIX for publishing their outstanding USENIX Security ’23 Presenter’s content, and the […] The post USENIX Security ’23 – Controlled Data Races In Enclaves: Attacks And Detection – Source: securityboulevard.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

 Careers

Source: securityboulevard.com – Author: James Tobias. The London Drugs cyber attack has been making headlines throughout the country. What makes this breach unique is the impact it has had on operations and customer access. Following the attack, all 79 London Drug stores shut down for over a week. Leaving their customers with difficulty accessing prescriptions […] The post London Drugs cyber attack: What businesses can learn from its week-long shutdown – Source: securityboulevard.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

 Breaking News

Source: securityaffairs.com – Author: Pierluigi Paganini. Security Affairs newsletter Round 472 by Pierluigi Paganini – INTERNATIONAL EDITION | North Korea-linked Kimsuky used a new Linux backdoor in recent attacks | North Korea-linked IT workers infiltrated hundreds of US firms | Turla APT used two new backdoors to infiltrate a European ministry of foreign affairs | […] The post Security Affairs newsletter Round 472 by Pierluigi Paganini – INTERNATIONAL EDITION – Source: securityaffairs.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

 APT

Source: securityaffairs.com – Author: Pierluigi Paganini. North Korea-linked Kimsuky used a new Linux backdoor in recent attacks. Symantec warns of a new Linux backdoor used by the North Korea-linked Kimsuky APT in a recent campaign against organizations in South Korea. Symantec researchers observed the North Korea-linked group Kimsuky using a new Linux backdoor dubbed Gomir. […] The post North Korea-linked Kimsuky used a new Linux backdoor in recent attacks – Source: securityaffairs.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

 Breaking News

Source: securityaffairs.com – Author: Pierluigi Paganini. North Korea-linked IT workers infiltrated hundreds of US firms. The U.S. Justice Department charged five individuals, including a U.S. woman, for aiding North Korea-linked IT workers to infiltrate 300 firms. The Justice Department unsealed charges against an Arizona woman, a Ukrainian man, and three unidentified foreign nationals accused of […] The post North Korea-linked IT workers infiltrated hundreds of US firms – Source: securityaffairs.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

Source: go.theregister.com – Author: Team Register. Feature: In April, attorney Christine Dudley was listening to a book on her iPhone while playing a game on her Android tablet when she started to see in-game ads that reflected the audiobooks she recently checked out of the San Francisco Public Library. Her audiobook consumption, she explained, had […] The post An attorney says she saw her library reading habits reflected in mobile ads. That’s not supposed to happen – Source: go.theregister.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

2024-05