Western Sydney University (WSU) finds itself grappling with a cybersecurity challenge as a recent data breach affects approximately 7,500 individuals associated with the institution. Situated in the western suburbs of Sydney, WSU boasts multiple campuses, but this Western Sydney University data breach has sent ripples of concern throughout its community.

The cyberattack on Western Sydney University, initially identified in January 2024, prompted swift action from WSU, which promptly shut down its IT network and implemented security measures. Subsequent investigations revealed that the breach originated as far back as May 17, 2023, infiltrating WSU's Microsoft Office 365 platform.

Understanding the Western Sydney University Data Breach

This WSU data breach led to unauthorized access to certain SharePoint files and email accounts. Even more concerning, WSU's Solar Car Laboratory infrastructure was found to have been utilized as part of the breach, indicating a sophisticated intrusion.

Despite the breach, WSU has assured its community that there have been no direct threats made regarding the compromised information. In a statement, the university emphasized, "The University has not received any demands in exchange for maintaining privacy." This statement aims to alleviate fears of potential ransom demands or further exploitation of the breached data.

In response to the breach, WSU has initiated a collaborative effort with NSW Police and the NSW Information and Privacy Commission to investigate the incident thoroughly. The university's Interim Vice-Chancellor, Professor Clare Pollock, expressed regret over the breach and extended heartfelt apologies to those affected. "On behalf of the University, I unreservedly apologize for this incident and its impact on our community," Professor Pollock stated, acknowledging the disruption and concern caused by the breach.

Supporting Students and Teachers Against Data Breach

To support individuals affected by the breach, WSU has established dedicated communication channels, including a dedicated phone line and website, to address inquiries and provide assistance. This proactive approach demonstrates WSU's commitment to transparency and accountability in addressing the aftermath of the breach.

Beyond the immediate impact on WSU's community, the breach underscores broader concerns surrounding cybersecurity and the protection of sensitive data. In response to the severity of the breach, the NSW Supreme Court has granted an injunction to prevent the unauthorized use of the compromised data, signaling the legal ramifications of such breaches.

In conclusion, the Western Sydney University data breach serves as a stark reminder of the ever-present cybersecurity risks faced by institutions and individuals alike. Through collaborative efforts and a commitment to transparency, WSU aims to address the breach's impact and strengthen its cybersecurity posture to prevent future incidents.

Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.
After years of hypergrowth, Palo Alto Networks' (PANW) revenue growth has been slowing, suggesting major shifts in cybersecurity spending patterns and raising investor concerns about the cybersecurity giant's long-term growth potential. Even as overall cybersecurity spending is predicted to remain strong, Palo Alto's revenue growth has dropped to roughly half of the 30% growth rate investors have enjoyed for the last several years.

Those concerns came to a head in February, when Palo Alto's stock plunged 28% in a single day after the company slashed its growth outlook amid a move to "platformization," with the company essentially giving away some products in hopes of luring more customers to its broader platform. Investor caution continued yesterday after the company merely reaffirmed its financial guidance, suggesting the possibility of a longer road back to hypergrowth. PANW shares were down 3% in recent trading after initially falling 10% after the company's latest earnings report was released yesterday.

Fortinet (FTNT), Palo Alto's long-term network security rival, is also struggling amid cybersecurity market uncertainty, as analysts expect the company's growth rate to slow from greater than 30% to around 10%.

SIEM, AI Signal Major Market Shifts

The changes in cybersecurity spending patterns show up most clearly in SIEM market consolidation and AI cybersecurity tools. Buyers may be waiting to see what cybersecurity vendors do with AI. On the company's earnings call late Monday, Palo Alto CEO Nikesh Arora told analysts that he expects the company "will be first to market with capabilities to protect the range of our customers' AI security needs."

Seismic changes in the market for security information and event management (SIEM) systems are another sign of a rapidly changing cybersecurity market. Cisco's (CSCO) acquisition of Splunk in March was just the start of major consolidation among legacy SIEM vendors. Last week, LogRhythm and Exabeam announced merger plans, and on the same day Palo Alto announced plans to acquire QRadar assets from IBM. AI and platformization factored strongly into those announcements.

Palo Alto will transition QRadar customers to its Cortex XSIAM next-gen security operations (SOC) platform, and Palo Alto will incorporate IBM's watsonx large language models (LLMs) in Cortex XSIAM "to deliver additional Precision AI solutions." Palo Alto will also become IBM's preferred cybersecurity partner across cloud, network and SOC.

Forrester analysts said of the Palo Alto-IBM deal, "This is the biggest concession of a SIEM vendor to an XDR vendor so far and signals a sea change for the threat detection and response market. Security buyers may be finally getting the SIEM alternative they've been seeking for years."

The moves may yet be enough to return Palo Alto to better-than-expected growth, but one data point on Monday's earnings call suggests buyers may be cautious. "We have initiated way more conversations in our platformization than we expected," said Arora. "If meetings were a measure of outcome, they have gone up 30%, and a majority of them have been centered on platform opportunities."

It remains to be seen if sales will follow the same growth trajectory as meetings. For now, it's clear that even as the overall cybersecurity market remains strong, the undercurrents suggest rapid changes in where that money is going.
The UK data watchdog has warned against ignoring the data protection risks in generative artificial intelligence and recommended ironing out these issues before the public release of such products. The warning comes on the back of the conclusion of an investigation by the U.K.'s Information Commissioner's Office (ICO) into Snap, Inc.'s launch of the 'My AI' chatbot. The investigation focused on the company's approach to assessing data protection risks. The ICO's early actions underscore the importance of protecting privacy rights in the realm of generative AI.

In June 2023, the ICO began investigating Snapchat's 'My AI' chatbot following concerns that the company had not fulfilled its legal obligation to properly evaluate the data protection risks associated with its latest chatbot integration.

My AI was an experimental chatbot built into the Snapchat app, which has 414 million daily active users who share over 4.75 billion Snaps on an average day. The My AI bot uses OpenAI's GPT technology to answer questions, provide recommendations and chat with users. It can respond to typed or spoken information and can search databases to find details and formulate a response. Initially available to Snapchat+ subscribers since February 27, 2023, 'My AI' was later released to all Snapchat users on April 19.

The ICO issued a Preliminary Enforcement Notice to Snap on October 6, over a "potential failure" to assess privacy risks to several million 'My AI' users in the UK, including children aged 13 to 17.

"The provisional findings of our investigation suggest a worrying failure by Snap to adequately identify and assess the privacy risks to children and other users before launching My AI," said John Edwards, the Information Commissioner, at the time. "We have been clear that organizations must consider the risks associated with AI, alongside the benefits. Today's preliminary enforcement notice shows we will take action in order to protect UK consumers' privacy rights."

On the basis of the ICO's investigation that followed, Snap took substantial measures to perform a more comprehensive risk assessment for 'My AI'. Snap demonstrated to the ICO that it had implemented suitable mitigations.

"The ICO is satisfied that Snap has now undertaken a risk assessment relating to My AI that is compliant with data protection law. The ICO will continue to monitor the rollout of My AI and how emerging risks are addressed," the data watchdog said.

Snapchat has made it clear that, "While My AI was programmed to abide by certain guidelines so the information it provides is not harmful (including avoiding responses that are violent, hateful, sexually explicit, or otherwise dangerous; and avoiding perpetuating harmful biases), it may not always be successful."

The social media platform has integrated safeguards and tools such as blocking results for certain keywords like "drugs," as is the case with the original Snapchat app. "We're also working on adding additional tools to our Family Center around My AI that would give parents more visibility and control around their teen's usage of My AI," the company noted.

'My AI' Investigation Sounds Warning Bells

Stephen Almond, ICO Executive Director of Regulatory Risk, said, "Our investigation into 'My AI' should act as a warning shot for industry. Organizations developing or using generative AI must consider data protection from the outset, including rigorously assessing and mitigating risks to people's rights and freedoms before bringing products to market."

"We will continue to monitor organisations' risk assessments and use the full range of our enforcement powers – including fines – to protect the public from harm."

Generative AI remains a top priority for the ICO, which has initiated several consultations to clarify how data protection laws apply to the development and use of generative AI models. This effort builds on the ICO's extensive guidance on data protection and AI.

The ICO's investigation into Snap's 'My AI' chatbot highlights the critical need for thorough data protection risk assessments in the development and deployment of generative AI technologies. Organizations must consider data protection from the outset to safeguard individuals' data privacy and protection rights. The final Commissioner's decision regarding Snap's 'My AI' chatbot will be published in the coming weeks.
CyberArk, a leading identity security provider, announced its definitive agreement to acquire Venafi, a leading machine identity management provider, from Thoma Bravo. The acquisition will merge Venafi's advanced machine identity management capabilities with CyberArk's identity security expertise, creating a comprehensive platform for enterprise-scale machine identity security.

CyberArk CEO Matt Cohen said in a Monday investors call, "Our combined solutions and expertise will uniquely address the growing identity security needs of global enterprises to secure the explosive growth of machine identities. These identities are increasingly leveraged in sophisticated cyberattacks."

The rise in digital transformation and cloud migration has led to a surge in machine identities, including workloads, applications, IoT devices and containers. Machine identities now outnumber human identities significantly, with over 40 machine identities for each human identity. These identities, if unprotected, are prime targets for cybercriminals. Effective management and security of machine identities are crucial, especially with shorter certificate lifecycles and the need for quantum-ready solutions.

Forrester says there is a growing urgency in managing machine identities due to their exponential increase. Historically, enterprises have focused less on machine identities compared to human identities because of the former's unique requirements and lifecycle challenges. However, the growth in machine identities for devices and cloud workloads demands improved management to mitigate associated risks, it said.

"Cloud computing has expanded the attack surface, increasing the connectivity between humans and machines in a perimeter-less world," Cohen said. "Every workload, API application, consumer and IoT device is now connected, and each connection point creates a potential vulnerability."

CyberArk is proficient in securing and managing access secrets, and Cohen states that acquiring Venafi will enhance these capabilities for machine identities, which is crucial due to cloud computing, connectivity, and regulatory demands. Traditional methods lack the necessary visibility, context, automation and scalability for today's enterprises, Cohen noted. Poorly managed identities can lead to costly downtime, unhappy customers and higher cyber risks, and with this acquisition he plans to address these issues.

The Acquisition, a Mix of Strategic Synergies

Technological Integration: The integration of Venafi's certificate lifecycle management, private Public Key Infrastructure (PKI), IoT identity management and cryptographic code signing with CyberArk's secrets management will enhance security against the misuse and compromise of machine identities. This unified solution will support rapid risk mitigation across various deployment models, including SaaS and hybrid environments.

Market Expansion: Venafi's strengths in PKI and certificate management will expand CyberArk's total addressable market by nearly $10 billion, reaching approximately $60 billion.

Chip Virnig, a partner at Thoma Bravo, said, "We believe CyberArk is a great partner for Venafi and that the scaled end-to-end machine identity security platform created by this strategic combination will deliver significant value to shareholders."

Acquisition Details

Transaction Value: CyberArk will acquire Venafi for an enterprise value of approximately $1.54 billion, consisting of about $1 billion in cash and $540 million in CyberArk shares.

Board Approvals: The Boards of both CyberArk and Venafi have approved the transaction.

Closing Timeline: The acquisition is expected to close in the second half of 2024, pending regulatory approvals and customary conditions.

Financial Impact

Revenue Contribution: Venafi is expected to add approximately $150 million in annual recurring revenue (ARR).

Business Model: Venafi boasts a strong business model with 95% recurring revenue, including SaaS and term-based licenses.

Synergies and Expansion: The transaction is anticipated to be immediately accretive to margins and drive significant revenue synergies through cross-selling, up-selling, and geographic expansion.

CyberArk is considered one of the global leaders in identity security, offering solutions for both human and machine identities across various environments, including business applications, hybrid clouds, and DevOps lifecycles. The company acquired multi-cloud security and compliance provider C3M in July 2022 for $28.3 million to enhance its cloud privilege security offerings. CyberArk also acquired Aapi.io in March 2022 to bolster Identity Lifecycle Management capabilities and broaden Identity Automation and Orchestration capabilities across its Identity Security Platform.

Venafi, on the other hand, is a pioneer in machine identity management, protecting machine-to-machine connections through cryptographic key and digital certificate orchestration. Venafi's solutions offer global visibility and automated remediation to safeguard machine identities across diverse environments, ensuring secure information flow and preventing untrusted machine communication.
U.S. law enforcement has arrested an alleged operator of "Incognito Market," a major online dark web narcotics marketplace that facilitated more than $100 million in illegal narcotics sales globally. Rui-Siang Lin, a 23-year-old from Taiwan, was arrested at John F. Kennedy Airport on May 18 for allegedly operating the Incognito Market using the pseudonym "Pharoah."

Lin oversaw all aspects of the site, including managing employees, vendors and customers, revealed an unsealed indictment filed with the federal court in the U.S. Southern District of New York. From its inception in October 2020 until its closure in March, Incognito Market sold vast quantities of illegal narcotics, including hundreds of kilograms of cocaine and methamphetamines, globally via a dark web site reachable through the Tor web browser.

The underground marketplace facilitated overall sales of more than $100 million of narcotics in its 41 months of operation. The popularity of this marketplace can be gauged from the fact that by June 2023 it was generating sales of $5 million per month.

(Image: Credit: Justice Department)

Features and Transactions of Incognito Market

Incognito Market mimicked legitimate e-commerce sites with features like branding, advertising and customer service. Users could search listings for various narcotics after logging in with unique credentials.

(Image: Credit: Justice Department)

The site offered illegal narcotics and misbranded prescription drugs, including heroin, cocaine, LSD, MDMA, oxycodone, methamphetamines, ketamine, and alprazolam.

(Image: Credit: Justice Department)

"For example, in November 2023, an undercover law enforcement agent received several tablets that purported to be oxycodone, which were purchased on Incognito Market. Testing on those tablets revealed that they were not authentic oxycodone at all and were, in fact, fentanyl pills," the Justice Department said.

Vendors paid a non-refundable admission fee of $750 and a 5% commission on each sale to Incognito Market, according to the indictment. This fee funded market operations, including salaries and server costs.

Incognito Market also operated its own "bank" to facilitate the illicit transactions. This bank allowed users to deposit cryptocurrency, which facilitated anonymous transactions between buyers and sellers while deducting the site's commission, again of 5%.

(Image: Credit: Justice Department)

This banking service obscured the locations and identities of vendors and customers from each other and from law enforcement. It kept the financial information of vendors and buyers separate, making it more difficult for any one actor on the marketplace to learn any other actor's true identity, a complaint filed against Lin said.

The bank also offered an "escrow" service giving both buyers and sellers additional security concerning their narcotics transactions. The escrow service was set up so that a buyer's money would be released to a seller only after specified actions, for example the shipment of narcotics, had taken place. "With the escrow service, sellers know they will be paid for their illegal narcotics and buyers know their payments will be released to sellers after specified events occur," the complaint said.

The Exit Scam

When Lin suddenly shuttered the Incognito Market in March 2024, he tried pulling an exit scam, stealing the users' funds stored in its escrow system, and also tried to ransom the market's drug vendors. Lin demanded ransoms in the range of $100 to $2,000 from them in exchange for not turning their data over to law enforcement.

Lin's Technical Prowess

Lin appears to be knowledgeable in the fields of security and cryptocurrency, according to the social media accounts listed in the complaint against him. Lin's GitHub account describes him as a "Backend and Blockchain Engineer, Monero Enthusiast." This GitHub account has approximately 35 publicly available software coding projects.

"Collectively, these coding projects indicate that LIN has significant technical computing knowledge, including knowledge necessary to administer a site like ("Incognito Marketplace")," the complaint said.

The coding projects include operation of cryptocurrency servers and web applications like PoW Shield, a tool to mitigate DDoS attacks; Monero Merchant, a software tool that allows online merchants to accept XMR for payment; and Koa-typescript-framework, a web framework used as a foundation for web applications. Lin also did a YouTube interview for Pentester Academy TV in October 2021 explaining how his anti-DDoS tool "PoW Shield" worked, displaying his technical prowess.

The final evidence that law enforcement found linking Lin to the administrator "Pharoah" of Incognito Market was a "simple" hand-drawn workflow diagram of a darknet marketplace that was mailed from Lin's personal email address.

(Image: Workflow of Darknet Marketplace sent from Lin's personal email account. Credit: Justice Department)

"This diagram appears to be a plan for a darknet market. Notably, the diagram indicated "vendor," "listing," "pgp key," and "admin review," all of which are features of (Incognito Market)," the complaint said.

Charges and Potential Sentences

Lin faces the following potential sentences, if convicted:

Continuing Criminal Enterprise: Mandatory minimum penalty of life in prison.

Narcotics Conspiracy: Maximum penalty of life in prison.

Money Laundering: Maximum penalty of 20 years in prison.

Conspiracy to Sell Adulterated and Misbranded Medication: Maximum penalty of five years in prison.

A federal district court judge will determine Lin's sentence after reviewing the U.S. Sentencing Guidelines and other statutory factors.
Secretforums, a data leaks forum, announced that it would bestow former BreachForums members with ranks similar to those they had previously held on the seized forum. The BreachForums domain had recently been taken down in a joint law enforcement operation, with its main admin Baphomet reportedly being arrested. After its seizure, several other individuals and groups have been vying for control and credibility over the displaced cybercriminal community.

Secretforums Admin Alleges Ex-BreachForums Admin Was Informer

While the veracity of these claims is unknown and doubted, the Secretforums admin and former owner of Blackforums stated his belief that Baphomet, the admin and owner of BreachForums following its previous takedown, was an informer to law enforcement. The Secretforums admin alleged that Baphomet expressed strong interest in being involved with the infrastructure management of Blackforums and had been attempting to influence him towards setting up a bastion server to assist with logs and security issues.

(Image: Source: Secretforums Telegram)

The Secretforums admin claimed that the requests had never been fulfilled, with full access never being granted to anyone, including the other admins of Secretforums, and that he was solely responsible for the forum's infrastructure and security. Additionally, the admin alleged that no logs were ever saved from either site aside from email addresses, usernames and password hashes for essential site functionality.

The earlier allegations, along with the offer to grant similar roles to ex-BreachForums members, may be part of a concerted effort to gain traction among the seized forum's former members and contributors. The admin also cast doubt on the new admin ShinyHunters and their efforts to rebuild BreachForums through the use of older backups.

(Image: Source: Secretforums Telegram)

Through a message on the Secretforums Telegram channel, the admin directed ex-members to reach out to a specified handle with proof of their previous ranks, along with their Secretforums username, to receive similar ranks.

USDoD Shares Updates on 'Breach Nation' Details

In addition to the Secretforums development, the threat actor USDoD shared further details about his attempts to build Breach Nation in a long post on X (Twitter). The threat actor claimed that neither he nor Breach Nation were affiliated with BreachForums' staff.

(Image: Source: X.com (@EquationCorp))

USDoD attempted to differentiate Breach Nation from BreachForums, stating that the new forum would not feature a porn section and would restrict itself to the upload of databases and leads as a primary focus, while not allowing the upload of files such as combos and stealer logs 'to ensure the best quality content'. Additionally, the site would be organized into "High-Quality Leaks" for databases originating from First World countries and "Secondary Leaks" for leaks stemming from other countries, with the lead section separated into its own category. The site would feature a threat intelligence section to facilitate discussions on the subject, as the threat actor felt there was a range of opportunities within the scope of the topic.

USDoD stated that he was working on obtaining the CDN records from the defunct BreachForums, and cited the presence of a market, a functioning escrow system and a credit system as similarities to the old forum. However, he also mentioned additional changes that might occur, such as the option to use the credit system to boost ranks within the forum and the absence of categories such as software and cracking in the initial stages of the forum, where he would function as the sole administrator. The forum would initially be public with a clearnet domain, but would later shift to invite-only and also feature an alternate onion address.

These efforts on both Secretforums and Breach Nation to bolster forum development and appeal to former BreachForums members highlight the competitiveness between various cybercriminal forums, the underlying fears of forum compromise by law enforcement, and the recognition of the rank/credit system as a way to gain additional engagement by allowing contributors to build a reputation within the community.
A critical security vulnerability (CVE-2024-4323), referred to as "Linguistic Lumberjack," has been found within Fluent Bit, a widely used logging and metrics tracking utility employed within major cloud infrastructure services. Fluent Bit is an open-source, lightweight data collector and processor service designed to handle large volumes of log data from various sources on Windows, Linux, and macOS operating systems. Its scalability and ease of use make it a preferred choice in cloud environments, and it sees at least 10 million daily deployments.

The Linguistic Lumberjack vulnerability could potentially enable attackers to execute Denial of Service (DoS) attacks, disclose sensitive information, or even gain remote code execution (RCE) capabilities.

Linguistic Lumberjack Vulnerability

The Linguistic Lumberjack vulnerability stems from a heap buffer overflow flaw in Fluent Bit's built-in HTTP server, particularly in how it handles the /api/v1/traces endpoint. This endpoint enables administrators to configure how Fluent Bit handles its tracing and monitoring operations.

(Image: Source: www.fluentbit.io)

However, due to a lack of proper validation of input types, sending non-string values (such as integers) in the "inputs" array of a request can lead to memory corruption. The code incorrectly assumes these values to be valid MSGPACK_OBJECT_STRs. Through the intentional passing of integer values in the "inputs" array field, an attacker can trigger various memory corruption issues, including heap buffer overflows and crashes due to attempts to write to protected memory regions.

In a controlled environment, Tenable researchers successfully exploited the vulnerability to trigger service crashes (DoS) and the leak of adjacent memory contents, which could potentially include sensitive information in a real-life scenario. Under specific environmental factors, attackers could even exploit the vulnerability to cause denial-of-service conditions or remote code execution.

(Image: Source: www.fluentbit.io)

The Fluent Bit utility service is deeply integrated into major Kubernetes distributions from Amazon AWS, Google GCP, and Microsoft Azure. Beyond cloud providers, Fluent Bit is also relied upon by several major tech companies including Cisco, VMware, Intel, Adobe, and Dell. The utility is also known to be used by several major cybersecurity companies.

Mitigation and Remediation

The critical memory corruption vulnerability was introduced in version 2.0.7 of Fluent Bit and exists up to version 3.0.3 of the software, released on April 27th 2024. The issue has been fixed in the main source branch of Fluent Bit, with the fix expected to be included in the upcoming version 3.0.4 of the software. For Linux, packages containing the fix are already available for download.

For users unable to upgrade immediately, the researchers have recommended a review of existing access to Fluent Bit's monitoring API, restricting access to authorized users and services only, and disabling the endpoint if it is not in use. For organizations relying on cloud services known to utilize Fluent Bit, reaching out to the cloud provider to ensure timely updates or mitigations is advised. The researchers notified major cloud providers of the bug on May 15, 2024, to allow them to initiate their own internal responses.
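The interim mitigation above (restrict or disable the monitoring API) maps onto a few lines in Fluent Bit's [SERVICE] section. The configuration below is an added illustration, not taken from the article, Tenable or the Fluent Bit project; it assumes Fluent Bit's classic-mode configuration format and its documented HTTP_Server, HTTP_Listen and HTTP_Port keys, and the port and flush values are constructed for the example. The three [SERVICE] blocks are alternatives to choose from, not one file.

```ini
# Added illustration (not from the article or the Fluent Bit project).
# Fluent Bit classic-mode configuration, [SERVICE] section only.
# Pick exactly ONE of the three variants below for a given instance.

# Weak: the built-in HTTP server (which also serves /api/v1/traces)
# is bound on every interface, so any host that can reach port 2020
# can talk to the monitoring API.
[SERVICE]
    Flush        5
    Log_Level    info
    HTTP_Server  On
    HTTP_Listen  0.0.0.0
    HTTP_Port    2020

# Hardened, endpoint not needed: turn the HTTP server off entirely.
# This removes the vulnerable endpoint from the network altogether.
[SERVICE]
    Flush        5
    Log_Level    info
    HTTP_Server  Off

# Hardened, endpoint needed (e.g. a metrics scrape from the same host):
# bind to loopback only, so the API is reachable only from local
# processes; pair this with host or network policy limiting who can
# reach the collector at all.
[SERVICE]
    Flush        5
    Log_Level    info
    HTTP_Server  On
    HTTP_Listen  127.0.0.1
    HTTP_Port    2020
```

Treat this as a stopgap rather than a fix: the article gives the affected range as 2.0.7 through 3.0.3, so the running version should still be checked against that range and upgraded to the fixed release as soon as it is available, and the setting is worth re-verifying after any configuration rollout that could reintroduce a wide-open listener (Helm charts and managed Kubernetes add-ons often ship their own [SERVICE] block).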
Ukraine's leading mobile operator, Kyivstar, is facing the aftermath of last year’s cyberattack. In December 2023, the telecom provider faced what its CEO describes as the “biggest cyberattack on telecoms infrastructure in the world”, which left several operations down. CEO Oleksandr Komarov revealed the impact on Kyivstar's growth trajectory, stating, "Before the cyberattack, we were moving with an increase of 11%-12% quarter-on-quarter in 2023. The cyberattack ate up about 3% of annual growth." While specifics on the affected growth aspects were not provided, Komarov emphasized the significant setback faced by the company.

Kyivstar Cyberattack Update

According to Reuters, the $90 million allocation is earmarked for repairing infrastructure damage, fortifying the system against future breaches, and implementing a loyalty program for clients. Kyivstar, a subsidiary of Amsterdam-listed Veon, has 24.3 million mobile subscribers and over 1.1 million home internet subscribers, highlighting its significant presence in the Ukrainian telecommunications market.

The cyberattack on Kyivstar was not an isolated incident but part of a broader pattern of cyber aggression. According to Illia Vitiuk, the head of Ukraine's cybersecurity department, Russian hackers had infiltrated Kyivstar's infrastructure months before the December attack. The attack, attributed to the Russian state-controlled hacker group Sandworm, left a trail of destruction, wiping out crucial network functions and disrupting services for an extended period.

The Technical Details of the Kyivstar Cyberattack

Vitiuk's assessment suggests that the attackers may have gained full access to Kyivstar's network as early as November 2023, indicating a prolonged period of undetected access. The attack's severity prompted concerns about potential data theft, interception of communications, and the compromise of sensitive information. While Kyivstar maintains that no personal or subscriber data was leaked, the incident highlights the grave cybersecurity risks faced by telecommunications operators. The attack's objectives, according to Vitiuk, extended beyond mere disruption, aiming to deliver a psychological blow and gather intelligence.
He emphasized the attack's significance as a warning to the Western world, highlighting the escalating cyber threats posed by state-sponsored actors. Despite the challenges posed by the cyberattack, Kyivstar remains committed to restoring normalcy and strengthening its cybersecurity posture. The allocation of substantial resources highlights the company's determination to overcome the aftermath of the attack and safeguard its operations against future threats.
Kansas City faced significant disruptions following a cyberattack, particularly affecting its crucial KC Scout camera system, which monitors Metro highways. The Kansas City cyberattack, occurring over the weekend of May 4, 2024, resulted in widespread system shutdowns, leaving various services offline for an extended period. As a consequence of the attack, the KC Scout camera system, maintained by the Missouri State Highway Patrol, suffered extensive downtime, potentially lasting for months.

Kansas City Cyberattack Shuts Down Major Operations

This outage directly impacted crash investigations, as authorities relied heavily on the video footage captured by these cameras. Without this vital resource, the investigative process for accidents became considerably more challenging, particularly in cases with potential criminal implications. Furthermore, the broader implications of the cyberattack extended to essential city services, such as online bill payments and building permits, which remained unavailable nearly two weeks after the initial incident. Despite efforts to restore these services, the city faced logistical issues in bringing systems back online promptly.

Kansas City Mayor Quinton Lucas acknowledged the challenges posed by the cyberattack, emphasizing the city's commitment to conducting a thorough investigation while striving to restore services efficiently. Despite the setbacks, essential services such as emergency response, wastewater treatment, and trash pickup remained operational, ensuring minimal disruption to residents' daily lives. "Last week, the city became aware of suspicious activity on our IT network. In response, we proactively shut down parts of the network to secure our systems. This proactive measure resulted in outages to certain operations but was necessary to help to protect the security and integrity of our systems — and to allow us to further our investigation into the cause and potential impact of the issue", said Lucas.

Cyberattack on Kansas City is Impacting Citizens

The impact of the cyberattack reverberated beyond administrative inconveniences, affecting individuals like Leia Sanders, whose car accident on May 10 highlighted the critical role of KC Scout cameras.
Sanders, involved in a collision on Highway 71, discovered that the outage of the surveillance system hindered efforts to determine the accident's cause, leaving her without crucial evidence for insurance purposes, reported Fox 4 Kansas City. “I had no time to do anything, there were cars on both sides of me. I just sat there and was like okay, this has to happen.

“After I figured out what was wrong with my car, I called the police department to ask about any cameras that would be on the interstate. They told me that the KC Scout cameras are down right now and there was no way that we could figure out where the tire had come from or anything like that,” Sanders said.

The prolonged downtime of the KC Scout cameras elicited frustration among residents and visitors alike, prompting questions about the delay in restoring critical infrastructure. With the timeline for service restoration extending into months, concerns regarding public safety and efficient accident response mechanisms loomed large. As authorities work to address the aftermath of the cyberattack, residents are urged to remain patient and vigilant. Despite the challenges posed by the disruption, efforts to restore normalcy are underway, with a concerted focus on bolstering cybersecurity measures to prevent future incidents of this nature.
The U.S. Environmental Protection Agency (EPA) issued a stern warning on May 20th, 2024, highlighting the escalating cyber threats to the nation's drinking water systems while outlining stricter enforcement measures to protect water-related critical infrastructure. The Environmental Protection Agency is an independent U.S. agency responsible for protecting human health and the environment. These responsibilities include making sure that Americans have clean air, land and water and overseeing the implementation of federal laws related to these matters. The alert comes as part of a wider government initiative to strengthen national security and address vulnerabilities in critical infrastructure.

Environmental Protection Agency Concerned By Recent Inspection Results

Recent EPA inspections have revealed alarming cybersecurity gaps in a majority of water systems. More than 70% of inspected systems were found to be non-compliant with the Safe Drinking Water Act, with some exhibiting severe vulnerabilities such as unchanged default passwords and single logins shared by multiple users. These weaknesses leave systems susceptible to cyberattacks, which the agency has observed becoming increasingly frequent and severe in recent times.

In response to the escalating threat, the EPA is ramping up its enforcement activities under the Safe Drinking Water Act. This includes increasing the number of inspections, initiating civil and criminal enforcement actions where necessary, and ensuring that water systems are adhering to the requirements of risk assessment and emergency response planning. The EPA is also working closely with federal and state partners, including the Cybersecurity and Infrastructure Security Agency (CISA) and the FBI, to fortify the nation's water systems against cyber threats. This collaboration includes providing technical assistance, guidance, training, and resources to help water systems implement crucial security measures.

"Defending our nation's water supply is central to our mission at the EPA," emphasized Deputy Administrator Janet McCabe. "We are leveraging all available tools, including enforcement, to shield our water from cyber threats."
The alert reflects the current government's dedication to dealing with the urgency of cyber threats to critical infrastructure, and to ensuring that water systems are adequately equipped to counteract these risks to public health.

EPA's Key Recommendations for Water Systems

The EPA's enforcement alert warned that cyberattacks on water systems could have devastating consequences, potentially disrupting treatment, distribution, and storage of water, damaging critical infrastructure, and even manipulating chemical levels to hazardous amounts. The alert added that small water systems are not exempt from this threat, as recent attacks by nation-state actors have targeted systems of all sizes. The EPA, Cybersecurity and Infrastructure Security Agency (CISA), and the FBI strongly recommend that water systems implement the following cybersecurity measures:

- Reduce exposure to the public-facing internet.
- Conduct regular cybersecurity assessments.
- Immediately change default passwords.
- Conduct an inventory of operational technology (OT) and information technology (IT) assets.
- Develop and practice cybersecurity incident response and recovery plans.
- Back up OT/IT systems.
- Reduce exposure to vulnerabilities.
- Conduct cybersecurity awareness training.

The EPA and CISA are offering free assistance to water systems to help them implement these crucial changes. Utilities can contact the EPA through its Cybersecurity Technical Assistance Form or email CISA Cyber Hygiene Services at vulnerability@cisa.dhs.gov with the subject line 'Requesting Cyber Hygiene Services'.

The EPA's heightened enforcement measures reflect the urgency of the threat facing the nation's water systems. By working together with federal and state partners and implementing recommended security practices, water systems can significantly enhance their resilience and protect this critical resource from malicious threat actors.
The Medusa ransomware group has allegedly claimed a cyberattack on Comwave, a Canadian communications giant. The ransomware actors listed Comwave as their latest victim after a likely attack on May 18, which targeted critical information contained in the company's customer database. Comwave Networks Inc. claims to be the largest independent communications company in Canada and is renowned for providing internet, network security solutions, and customer support services. Based in the Toronto district of North York and run by president and CEO Yuval Barzakay, Comwave was established in 1999 and serves customers across Canada. The company also provides some wholesale services in the United States. In 2023, Comwave was acquired by Rogers Communications. Medusa ransomware actors claimed to have infiltrated Comwave's systems and exfiltrated nearly 274.8 gigabytes of sensitive data.

Comwave Cyberattack Allegedly Targets Sensitive Data

Among the information exfiltrated are scanned copies of various personal documents - likely belonging to its customers - such as driving licenses, birth certificates, identity cards, passports, invoices, screenshots of email correspondence, and an internal Excel database. The Medusa ransomware group has issued a deadline, giving Comwave nine days to comply with their demands, failing which they threatened to publicly release the compromised data.

The severity of the situation cannot be overstated, with implications reaching far beyond Comwave Networks Inc. itself. As a leading player in Canada's telecommunications, the cyberattack on Comwave potentially impacts hundreds of thousands of users in 1,100 Canadian and 1,600 U.S. cities that use its services. The Cyber Express has tried reaching out to the organization to learn more about this Comwave Networks cyberattack. However, due to communication issues, contact was not possible, leaving the claims about the Comwave Networks cyberattack unverified.

Who is the Medusa Ransomware Group?

The operational status of Comwave's website appears unaffected, suggesting that the attack may have targeted backend systems rather than launching a frontal assault.
This modus operandi aligns with Medusa's established tactics, which often involve exploiting exposed and vulnerable Remote Desktop Protocol (RDP) services and deploying deceptive phishing campaigns. By utilizing PowerShell for command execution and systematically erasing shadow copy backups, Medusa disrupts data restoration efforts, leaving victims in a precarious position. The Medusa ransomware, which first emerged in June 2021, has grown increasingly audacious over time. Its latest iteration, marked by the creation of the "Medusa Blog," serves as a repository for data leaked from non-compliant victims. Operating within the dark recesses of the internet, Medusa's TOR website serves as a grim reminder of the far-reaching consequences of cybercrime.

As organizations grapple with the fallout from cyberattacks like the one targeting Comwave Networks Inc., it becomes imperative to remain vigilant and implement stringent security measures. Detecting and mitigating the threat posed by Medusa and similar ransomware strains requires a concerted effort, one that extends beyond individual companies to encompass collaborative industry-wide initiatives.
For many InfoSec teams, security information and event management (SIEM) is at the heart of what they do. A company's security depends to a large extent on how well its SIEM system allows experts to focus directly on combating threats and avoid routine tasks. That's why almost every update of our Kaspersky Unified Monitoring and Analysis Platform is aimed at improving the user interface, automating routine processes and adding features to make the work of security teams easier. Many of the improvements are based on feedback from our customers' InfoSec experts. In particular, the latest version of the platform (3.0.3) introduces the following features and improvements.

Writing filter conditions and correlation rules as code

Previously, analysts had to set filters and write correlation rules by clicking the conditions they needed. In this update, the redesigned interface now allows advanced users to write rules and conditions as code. Builder mode remains: filter and selector conditions are automatically translated between builder and code modes.

Same rule condition in builder and code modes

What's more, builder mode also lets you write conditions using the keyboard. As soon as you start entering a filter condition, Kaspersky Unified Monitoring and Analysis Platform will suggest suitable options from event fields, dictionaries, active sheets, etc. To narrow down the range of options, simply enter the appropriate prefix. For your convenience, condition types are highlighted in different colors. Code mode lets you quickly edit correlation rule conditions, as well as select and copy conditions as code and easily transfer them between different rules or different selectors within a rule. The same code blocks can also be moved to filters (a separate system resource), which greatly simplifies their creation.

Extended event schema

Kaspersky Unified Monitoring and Analysis Platform retains Common Event Format (CEF) as the basis for the event schema, but we have added the ability to create custom fields, which means you can now implement any taxonomy. No more being limited to vendor-defined fields: you can name event fields anything you want to make it easier to write search queries. Custom fields are typed and must begin with a prefix that determines both the field's type and whether it is an array.
Fields with arrays can only be used in JSON and KV normalizers.

Example of normalization using CEF fields and custom fields

Automatic identification of event source

Kaspersky Unified Monitoring and Analysis Platform administrators no longer need to set up a separate collector for each event type or open ports for each collector on the firewall – in the new version we have implemented the ability to collect events of different formats with a single collector. The collector selects the correct normalizer based on the source IP address. Using a chain of normalizers is permitted. For example, the [OOTB] Syslog header normalizer accepts events from multiple servers and allows you to define a DeviceProcessName and direct BIND events to the [OOTB] BIND Syslog normalizer and Squid events to the [OOTB] Squid access Syslog normalizer.

Kaspersky Unified Monitoring and Analysis Platform: Event parsing

The following event normalization options are now available:

- 1 collector – 1 normalizer. We recommend using this method if you have many events of the same type or many IP addresses from which events of the same type may originate. In terms of SIEM performance, configuring a collector with only one normalizer is optimal.
- 1 collector – multiple normalizers, based on IP addresses. This method is available for collectors with a UDP, TCP or HTTP connector. If a UDP, TCP or HTTP connector is specified in the collector at the Transport step, then at the Event Parsing step, on the Parsing settings tab, you can specify multiple IP addresses and select which normalizer to use for events arriving from those addresses.

The following types of normalizers are available: JSON, CEF, regexp, Syslog, CSV, KV, XML. For Syslog or regexp normalizers, you can specify additional normalization conditions depending on the value of the DeviceProcessName field. These are by no means the only updates to Kaspersky Unified Monitoring and Analysis Platform.
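The two-stage routing described above (source IP selects the normalizer; a syslog header normalizer then chains on DeviceProcessName to a BIND or Squid sub-normalizer), written out as an added example. This is not Kaspersky Unified Monitoring and Analysis Platform code: the normalizer functions, the dispatch tables, the CEF-style field names and the custom field DnsQueryType are all constructed for illustration, as are the sample events.

```python
"""One collector, several normalizers: a toy model of the routing the article
describes. Added example, not Kaspersky Unified Monitoring and Analysis
Platform code; normalizer names, field names and sample events are constructed.
Stage 1: source IP picks the normalizer. Stage 2: for syslog, the header
normalizer extracts DeviceProcessName and chains to a BIND or Squid parser.
"""
import json
import re
from typing import Callable, Dict, List, Optional, Tuple

Event = Dict[str, str]
Normalizer = Callable[[str], Optional[Event]]

SYSLOG_HEADER = re.compile(
    r"^<(?P<pri>\d{1,3})>(?P<ts>[A-Z][a-z]{2} {1,2}\d{1,2} \d\d:\d\d:\d\d) "
    r"(?P<host>\S+) (?P<proc>[^\[:\s]+)(?:\[(?P<pid>\d+)\])?: (?P<msg>.*)$"
)
BIND_QUERY = re.compile(r"client (?P<src>[\d.]+)#\d+: query: (?P<qname>\S+) IN (?P<qtype>\S+)")


def normalize_bind(msg: str) -> Optional[Event]:
    """BIND query-log message -> CEF-style fields plus one custom field."""
    m = BIND_QUERY.search(msg)
    if not m:
        return None
    return {"DeviceVendor": "ISC", "DeviceProduct": "BIND",
            "SourceAddress": m["src"], "DestinationDnsDomain": m["qname"],
            "DnsQueryType": m["qtype"]}  # custom field, name constructed here


def normalize_squid(msg: str) -> Optional[Event]:
    """Squid native access-log message (space separated) -> CEF-style fields."""
    p = msg.split()
    if len(p) < 7:
        return None
    return {"DeviceVendor": "Squid", "DeviceProduct": "Squid",
            "SourceAddress": p[2], "EventOutcome": p[3].split("/")[-1],
            "RequestMethod": p[5], "RequestUrl": p[6]}


# Stage 2 dispatch keyed on DeviceProcessName (the chaining the article describes).
BY_PROCESS: Dict[str, Normalizer] = {"named": normalize_bind, "squid": normalize_squid}


def normalize_syslog(raw: str) -> Optional[Event]:
    """Syslog header normalizer: parse the header, then chain on process name."""
    m = SYSLOG_HEADER.match(raw)
    if not m:
        return None
    event: Event = {"DeviceHostName": m["host"], "DeviceProcessName": m["proc"],
                    "Message": m["msg"]}
    sub = BY_PROCESS.get(m["proc"])
    if sub:
        event.update(sub(m["msg"]) or {})  # unknown message shape keeps header fields
    return event


def normalize_json(raw: str) -> Optional[Event]:
    """JSON normalizer: flatten a one-level JSON object into string fields."""
    try:
        doc = json.loads(raw)
    except ValueError:
        return None
    return {k: str(v) for k, v in doc.items()} if isinstance(doc, dict) else None


# Stage 1 dispatch keyed on source IP ("1 collector - multiple normalizers").
BY_SOURCE_IP: Dict[str, Normalizer] = {
    "10.0.0.53": normalize_syslog,  # DNS server
    "10.0.0.80": normalize_syslog,  # proxy
    "10.0.1.5": normalize_json,     # application emitting JSON
}

# Constructed sample input: (source_ip, raw_event).
SAMPLE_EVENTS: List[Tuple[str, str]] = [
    ("10.0.0.53", "<30>May 21 10:00:01 dns1 named[1234]: client 10.0.0.5#5353: query: example.com IN A + (10.0.0.53)"),
    ("10.0.0.80", "<30>May 21 10:00:02 proxy1 squid[2222]: 1716285602.123 45 10.0.0.7 TCP_MISS/200 1024 GET http://example.com/ - HIER_DIRECT/93.184.216.34 text/html"),
    ("10.0.1.5", '{"event": "login", "user": "alice", "result": "success"}'),
    ("192.0.2.9", "<30>May 21 10:00:03 unknown foo: hello"),
]


def collect(events: List[Tuple[str, str]]) -> List[Event]:
    """Route each raw event through the normalizer chosen by its source IP.

    Events from an unconfigured IP, or that the normalizer cannot parse, are
    kept as raw and flagged rather than silently dropped.
    """
    out: List[Event] = []
    for src_ip, raw in events:
        normalizer = BY_SOURCE_IP.get(src_ip)
        event = normalizer(raw) if normalizer else None
        if event is None:
            event = {"Raw": raw, "NormalizationStatus": "unparsed"}
        event["CollectorSourceIp"] = src_ip  # field name constructed for this example
        out.append(event)
    return out


if __name__ == "__main__":
    for e in collect(SAMPLE_EVENTS):
        print(e)
```

Keeping unparsed events (the fourth sample) visible instead of discarding them is the behaviour to want from any collector: a silently dropped source is a detection gap that nobody notices until an investigation needs the logs.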
There are also changes related to context tables, simplified binding of rules to correlators and other improvements. All of them are designed to improve the user experience for InfoSec professionals – see the full list here. To learn more about our SIEM system, Kaspersky Unified Monitoring and Analysis Platform, please visit the official product page.
Apple and the satellite-based broadband service Starlink each recently took steps to address new research into the potential security and privacy implications of how their services geo-locate devices. Researchers from the University of Maryland say they relied on publicly available data from Apple to track the location of billions of devices globally — including non-Apple devices like Starlink systems — and found they could use this data to monitor the destruction of Gaza, as well as the movements and in many cases identities of Russian and Ukrainian troops.

At issue is the way that Apple collects and publicly shares information about the precise location of all Wi-Fi access points seen by its devices. Apple collects this location data to give Apple devices a crowdsourced, low-power alternative to constantly requesting global positioning system (GPS) coordinates.

Both Apple and Google operate their own Wi-Fi-based Positioning Systems (WPS) that obtain certain hardware identifiers from all wireless access points that come within range of their mobile devices. Both record the Media Access Control (MAC) address that a Wi-Fi access point uses, known as a Basic Service Set Identifier or BSSID.

Periodically, Apple and Google mobile devices will forward their locations — by querying GPS and/or by using cellular towers as landmarks — along with any nearby BSSIDs. This combination of data allows Apple and Google devices to figure out where they are within a few feet or meters, and it’s what allows your mobile phone to continue displaying your planned route even when the device can’t get a fix on GPS.

With Google’s WPS, a wireless device submits a list of nearby Wi-Fi access point BSSIDs and their signal strengths — via an application programming interface (API) request to Google — whose WPS responds with the device’s computed position. Google’s WPS requires at least two BSSIDs to calculate a device’s approximate position.

Apple’s WPS also accepts a list of nearby BSSIDs, but instead of computing the device’s location based on the set of observed access points and their received signal strengths and then reporting that result to the user, Apple’s API will return the geolocations of up to 400 hundred more BSSIDs that are nearby the one requested.
It then uses approximately eight of those BSSIDs to work out the user’s location based on known landmarks. In essence, Google’s WPS computes the user’s location and shares it with the device. Apple’s WPS gives its devices a large enough amount of data about the location of known access points in the area that the devices can do that estimation on their own.

That’s according to two researchers at the University of Maryland, who theorized they could use the verbosity of Apple’s API to map the movement of individual devices into and out of virtually any defined area of the world. The UMD pair said they spent a month early in their research continuously querying the API, asking it for the location of more than a billion BSSIDs generated at random. They learned that while only about three million of those randomly generated BSSIDs were known to Apple’s Wi-Fi geolocation API, Apple also returned an additional 488 million BSSID locations already stored in its WPS from other lookups.

UMD Associate Professor David Levin and Ph.D student Erik Rye found they could mostly avoid requesting unallocated BSSIDs by consulting the list of BSSID ranges assigned to specific device manufacturers. That list is maintained by the Institute of Electrical and Electronics Engineers (IEEE), which is also sponsoring the privacy and security conference where Rye is slated to present the UMD research later today.

Plotting the locations returned by Apple’s WPS between November 2022 and November 2023, Levin and Rye saw they had a near global view of the locations tied to more than two billion Wi-Fi access points. The map showed geolocated access points in nearly every corner of the globe, apart from almost the entirety of China, vast stretches of desert wilderness in central Australia and Africa, and deep in the rainforests of South America.

A “heatmap” of BSSIDs the UMD team said they discovered by guessing randomly at BSSIDs.
The researchers said that by zeroing in on or “geofencing” other smaller regions indexed by Apple’s location API, they could monitor how Wi-Fi access points moved over time. Why might that be a big deal? They found that by geofencing active conflict zones in Ukraine, they were able to determine the location and movement of Starlink devices used by both Ukrainian and Russian forces. The reason they were able to do that is that each Starlink terminal — the dish and associated hardware that allows a Starlink customer to receive Internet service from a constellation of orbiting Starlink satellites — includes its own Wi-Fi access point, whose location is going to be automatically indexed by any nearby Apple devices that have location services enabled.

A heatmap of Starlink routers in Ukraine. Image: UMD.

The University of Maryland team geo-fenced various conflict zones in Ukraine, and identified at least 3,722 Starlink terminals geolocated in Ukraine. “We find what appear to be personal devices being brought by military personnel into war zones, exposing pre-deployment sites and military positions,” the researchers wrote. “Our results also show individuals who have left Ukraine to a wide range of countries, validating public reports of where Ukrainian refugees have resettled.”

In an interview with KrebsOnSecurity, the UMD team said they found that in addition to exposing Russian troop pre-deployment sites, the location data made it easy to see where devices in contested regions originated from. “This includes residential addresses throughout the world,” Levin said. “We even believe we can identify people who have joined the Ukraine Foreign Legion.”

A simplified map of where BSSIDs that enter the Donbas and Crimea regions of Ukraine originate. Image: UMD.

Levin and Rye said they shared their findings with Starlink in March 2024, and that Starlink told them the company began shipping software updates in 2023 that force Starlink access points to randomize their BSSIDs.
Starlink’s parent SpaceX did not respond to requests for comment. But the researchers shared a graphic they said was created from their Starlink BSSID monitoring data, which shows that just in the past month there was a substantial drop in the number of Starlink devices that were geo-locatable using Apple’s API.

UMD researchers shared this graphic, which shows their ability to monitor the location and movement of Starlink devices by BSSID dropped precipitously in the past month.

They also shared a written statement they received from Starlink, which acknowledged that Starlink User Terminal routers originally used a static BSSID/MAC: “In early 2023 a software update was released that randomized the main router BSSID. Subsequent software releases have included randomization of the BSSID of WiFi repeaters associated with the main router. Software updates that include the repeater randomization functionality are currently being deployed fleet-wide on a region-by-region basis. We believe the data outlined in your paper is based on Starlink main routers and or repeaters that were queried prior to receiving these randomization updates.”

The researchers also focused their geofencing on the Israel-Hamas war in Gaza, and were able to track the migration and disappearance of devices throughout the Gaza Strip as Israeli forces cut power to the country and bombing campaigns knocked out key infrastructure. “As time progressed, the number of Gazan BSSIDs that are geolocatable continued to decline,” they wrote. “By the end of the month, only 28% of the original BSSIDs were still found in the Apple WPS.”

Apple did not respond to requests for comment. But in late March 2024, Apple quietly tweaked its privacy policy, allowing people to opt out of having the location of their wireless access points collected and shared by Apple — by appending “_nomap” to the end of the Wi-Fi access point’s name (SSID).
Apple updated its privacy and location services policy in March 2024 to allow people to opt out of having their Wi-Fi access point indexed by its service, by appending “_nomap” to the network’s name.

Rye said Apple’s response addressed the most depressing aspect of their research: That there was previously no way for anyone to opt out of this data collection. “You may not have Apple products, but if you have an access point and someone near you owns an Apple device, your BSSID will be in [Apple’s] database,” he said. “What’s important to note here is that every access point is being tracked, without opting in, whether they run an Apple device or not. Only after we disclosed this to Apple have they added the ability for people to opt out.”

The researchers said they hope Apple will consider additional safeguards, such as proactive ways to limit abuses of its location API. “It’s a good first step,” Levin said of Apple’s privacy update in March. “But this data represents a really serious privacy vulnerability. I would hope Apple would put further restrictions on the use of its API, like rate-limiting these queries to keep people from accumulating massive amounts of data like we did.”

The UMD researchers said they omitted certain details from their study to protect the users they were able to track, noting that the methods they used could present risks for those fleeing abusive relationships or stalkers. “We observe routers move between cities and countries, potentially representing their owner’s relocation or a business transaction between an old and new owner,” they wrote. “While there is not necessarily a 1-to-1 relationship between Wi-Fi routers and users, home routers typically only have several.
If these users are vulnerable populations, such as those fleeing intimate partner violence or a stalker, their router simply being online can disclose their new location.” The researchers said Wi-Fi access points that can be created using a mobile device’s built-in cellular modem do not create a location privacy risk for their users because mobile phone hotspots will choose a random BSSID when activated. “Modern Android and iOS devices will choose a random BSSID when you go into hotspot mode,” he said. “Hotspots are already implementing the strongest recommendations for privacy protections. It’s other types of devices that don’t do that.” For example, they discovered that certain commonly used travel routers compound the potential privacy risks. “Because travel routers are frequently used on campers or boats, we see a significant number of them move between campgrounds, RV parks, and marinas,” the UMD duo wrote. “They are used by vacationers who move between residential dwellings and hotels. We have evidence of their use by military members as they deploy from their homes and bases to war zones.” A copy of the UMD research is available here (PDF).
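The two mitigations the article describes, BSSID randomization (hotspots, updated Starlink routers) and the “_nomap” SSID suffix, can be turned into a quick exposure check for an access point you operate. This is an added example, not code from the UMD paper or from Apple; it relies on one fact not spelled out above, that a randomized MAC address sets the IEEE “locally administered” bit (bit 1 of the first octet), and it deliberately consults no OUI list. The SSIDs and BSSIDs below are constructed samples.

```python
"""Assess how exposed a Wi-Fi access point is to WPS indexing.

Added example (not from the UMD paper or Apple). Two signals from the article:
an SSID ending in "_nomap" opts the AP out of Apple's collection, and a
randomized BSSID defeats long-term tracking. Randomized MACs set the IEEE
"locally administered" bit (0x02 in the first octet), which is what the check
below keys on. Sample values are constructed.
"""
import re

# aa:bb:cc:dd:ee:ff, aa-bb-cc-dd-ee-ff or aabbccddeeff, with one consistent separator.
BSSID_RE = re.compile(r"^[0-9A-Fa-f]{2}([-:]?)[0-9A-Fa-f]{2}(?:\1[0-9A-Fa-f]{2}){4}$")


def parse_bssid(bssid: str) -> bytes:
    """Validate the textual form and return the six raw octets."""
    text = bssid.strip()
    if not BSSID_RE.match(text):
        raise ValueError(f"not a BSSID: {bssid!r}")
    return bytes.fromhex(re.sub(r"[-:]", "", text))


def is_locally_administered(bssid: str) -> bool:
    """Bit 1 of the first octet set: the address was not burned in by a vendor."""
    return bool(parse_bssid(bssid)[0] & 0x02)


def is_multicast(bssid: str) -> bool:
    """Bit 0 of the first octet set: group address, never a valid BSSID."""
    return bool(parse_bssid(bssid)[0] & 0x01)


def is_opted_out(ssid: str) -> bool:
    """Apple's opt-out (and Google's) keys on the "_nomap" suffix of the SSID."""
    return ssid.endswith("_nomap")


def ap_exposure(ssid: str, bssid: str) -> str:
    """Return a short verdict: invalid, opted out, low, or high exposure."""
    if is_multicast(bssid):
        return "invalid: multicast address cannot be a BSSID"
    if is_opted_out(ssid):
        return "opted out: SSID ends in _nomap"
    if is_locally_administered(bssid):
        return "low: locally administered (likely randomized) BSSID"
    return ("high: static globally unique BSSID and no opt-out; "
            "a WPS can index and re-identify this AP wherever it appears")


if __name__ == "__main__":
    samples = [  # constructed
        ("HomeWiFi", "00:1A:2B:3C:4D:5E"),
        ("HomeWiFi_nomap", "00:1A:2B:3C:4D:5E"),
        ("Phone hotspot", "02:1A:2B:3C:4D:5E"),
        ("x", "01:00:5E:00:00:01"),
    ]
    for ssid, bssid in samples:
        print(f"{ssid!r} {bssid}: {ap_exposure(ssid, bssid)}")
```

The locally-administered bit is a necessary but not sufficient sign of randomization (some vendors and virtual interfaces set it on fixed addresses), so the "low" verdict is a heuristic; the "_nomap" verdict and the high-exposure case follow directly from the article.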
The Siren email mailing list will focus on operational impact and response and act as a central location to provide information about threats and necessary post-disclosure activities.
Personalized phishing emails with fake collaboration opportunities and compromised video descriptions linking to malware are just some of the new tricks.
A threat campaign luring users with malicious documents related to human rights and public notices is aimed at giving the Russia-backed threat group access to victims' systems for cyber-espionage purposes.
As we face continued headwinds on provisions like data flows and e-customs duties, further progress is both needed and achievable in digital trade policy.
Few enterprises have all the cybersecurity skills and resources they need in-house, making outsourcing a necessity. How do they select, and work with, third-party security service providers?
Faced with chilling new SEC rules, chief information security officers are learning soft skills to help them better communicate cybersecurity concerns with the C-suite.
Cybercriminals' new tactics led to a 64% increase in ransomware claims in 2023, driven by a 415% rise in "indirect" incidents and remote access vulnerabilities, pressuring more victims to pay ransoms, according to At-Bay.
Researchers at Horizon3.ai discovered a critical remote code execution vulnerability (CVE-2023-34992) in Fortinet FortiSIEM, allowing unauthenticated attackers to execute commands as root and gain access to sensitive information.
The acquisition will allow CyberArk to expand its capabilities in securing machine-to-machine communications and address the growing attack surface in the cloud-first, AI-driven, and post-quantum world.
Insikt Group uncovered a sophisticated campaign led by Russian-speaking actors who used GitHub profiles to spoof legitimate software apps and distribute various malware, including Atomic macOS Stealer (AMOS) and Vidar.
Void Manticore utilizes five different methods to conduct disruptive operations against its victims. This includes several custom wipers for both Windows and Linux, alongside manual deletion of files and shared drives.
Germany is considering banning the use of Huawei and ZTE equipment in its 5G networks due to national security concerns, despite industry opposition and the potential high costs associated with the removal of the Chinese-made technology.
CISA has required federal agencies to update to a patched version of Mirth Connect (version 4.4.1 or later) by June 10, 2024, to secure their networks against active threats.
The Jumio 2024 Online Identity Study reveals that while consumers are increasingly concerned about the risks posed by deepfakes and generative AI, they continue to overestimate their ability to detect these deceptions.
Cybersecurity researchers have discovered a critical vulnerability, dubbed "Linguistic Lumberjack," in the popular logging and metrics utility Fluent Bit that could allow for denial-of-service (DoS), information disclosure, or remote code execution.
An attorney discovered that the mobile ads she saw were reflecting her recent library audiobook borrowing habits, raising concerns about the privacy of library patron data and the potential for targeted advertising based on that information.
Researchers at Genians Security Center (GSC) identified the North Korea-linked Kimsuky APT group targeting victims via Facebook Messenger, using fake accounts posing as South Korean officials to deliver malware.
The Open Source Security Foundation (OpenSSF) announced a new email mailing list named Siren that aims to spread threat intelligence related to open-source projects. It will be publicly viewable and will only require registration to post on the list.
An extensive security audit of QNAP QTS, the operating system for the company's NAS products, has uncovered fifteen vulnerabilities of varying severity, with eleven remaining unfixed.
CHAOS version 5.0.8 is a free and open-source Remote Administration Tool that allows generated binaries to control remote operating systems. The web application contains a remote command execution vulnerability which can be triggered by an authenticated user when generating a new executable. The web application also contains a cross site scripting vulnerability within the view of a returned command being executed on an agent.
Ubuntu Security Notice 6780-1 - Guido Vranken discovered that idna did not properly manage certain inputs, which could lead to significant resource consumption. An attacker could possibly use this issue to cause a denial of service.
Ubuntu Security Notice 6781-1 - Le Dinh Hai discovered that Spreadsheet::ParseExcel was passing unvalidated input from a file into a string-type "eval". An attacker could craft a malicious file to achieve arbitrary code execution.
Ubuntu Security Notice 6779-1 - Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information across domains, or execute arbitrary code. Jan-Ivar Bruaroey discovered that Firefox did not properly manage memory when audio input connected with multiple consumers. An attacker could potentially exploit this issue to cause a denial of service, or execute arbitrary code.
The NethServer module installed as WebTop, produced by Sonicle, is affected by a stored cross site scripting vulnerability due to insufficient input sanitization and output escaping which allows an attacker to store a malicious payload as to execute arbitrary web scripts or HTML. Versions 7 and 8 are affected.
Red Hat Security Advisory 2024-2945-03 - Red Hat AMQ Broker 7.12.0 is now available from the Red Hat Customer Portal. Issues addressed include bypass, cross site scripting, denial of service, and deserialization vulnerabilities.
Red Hat Security Advisory 2024-2944-03 - This is the multiarch release of the AMQ Broker 7.12.0 aligned Operator and associated container images on Red Hat Enterprise Linux 8 for the OpenShift Container Platform. Issues addressed include denial of service and deserialization vulnerabilities.
Arm Mali versions since r45p0 suffer from a broken KBASE_USER_BUF_STATE_* state machine for userspace mappings that can lead to a use-after-free condition.
Red Hat Security Advisory 2024-2941-03 - Updated images are now available for Red Hat Advanced Cluster Security. The updated image includes changes, bug fixes, and updates to patch vulnerabilities.
Red Hat Security Advisory 2024-2938-03 - An update for the varnish:6 module is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Telecommunications Update Service, and Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions. Issues addressed include a denial of service vulnerability.
Red Hat Security Advisory 2024-2937-03 - An update for nodejs is now available for Red Hat Enterprise Linux 9.2 Extended Update Support. Issues addressed include a denial of service vulnerability.
Red Hat Security Advisory 2024-2936-03 - An update for the go-toolset:rhel8 module is now available for Red Hat Enterprise Linux 8.8 Extended Update Support. Issues addressed include a denial of service vulnerability.
Red Hat Security Advisory 2024-2935-03 - An update for the go-toolset:rhel8 module is now available for Red Hat Enterprise Linux 8.6 Extended Update Support. Issues addressed include a denial of service vulnerability.
Red Hat Security Advisory 2024-2892-03 - An update for go-toolset-1.19-golang is now available for Red Hat Developer Tools. Issues addressed include a denial of service vulnerability.
Red Hat Security Advisory 2024-2865-03 - Red Hat OpenShift Container Platform release 4.15.14 is now available with updates to packages and images that fix several bugs and add enhancements. Issues addressed include denial of service and traversal vulnerabilities.
Cybersecurity researchers have discovered a critical security flaw in a popular logging and metrics utility called Fluent Bit that could be exploited to achieve denial-of-service (DoS), information disclosure, or remote code execution. The vulnerability, tracked as CVE-2024-4323, has been codenamed Linguistic Lumberjack by Tenable Research. It impacts versions from 2.0.7 through
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added a security flaw impacting NextGen Healthcare Mirth Connect to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. The flaw, tracked as CVE-2023-43208 (CVSS score: N/A), concerns a case of unauthenticated remote code execution arising from an incomplete
The persistent threat actors behind the SolarMarker information-stealing malware have established a multi-tiered infrastructure to complicate law enforcement takedown efforts, new findings from Recorded Future show. "The core of SolarMarker's operations is its layered infrastructure, which consists of at least two clusters: a primary one for active operations and a secondary one likely
One of the enduring challenges of building modern applications is to make them more secure without disrupting high-velocity DevOps processes or degrading the developer experience. Today’s cyber threat landscape is rife with sophisticated attacks aimed at all different parts of the software supply chain and the urgency for software-producing organizations to adopt DevSecOps practices that deeply
A critical security flaw has been disclosed in the llama_cpp_python Python package that could be exploited by threat actors to achieve arbitrary code execution. Tracked as CVE-2024-34359 (CVSS score: 9.7), the flaw has been codenamed Llama Drama by software supply chain security firm Checkmarx. "If exploited, it could allow attackers to execute arbitrary code on your system,
File Integrity Monitoring (FIM) is an IT security control that monitors and detects file changes in computer systems. It helps organizations audit important files and system configurations by routinely scanning and verifying their integrity. Most information security standards mandate the use of FIM for businesses to ensure the integrity of their data. IT security compliance involves adhering to
Microsoft on Monday confirmed its plans to deprecate NT LAN Manager (NTLM) in Windows 11 in the second half of the year, as it announced a slew of new security measures to harden the widely-used desktop operating system. "Deprecating NTLM has been a huge ask from our security community as it will strengthen user authentication, and deprecation is planned in the second half of 2024," the
GitHub has rolled out fixes to address a maximum severity flaw in the GitHub Enterprise Server (GHES) that could allow an attacker to bypass authentication protections. Tracked as CVE-2024-4985 (CVSS score: 10.0), the issue could permit unauthorized access to an instance without requiring prior authentication. "On instances that use SAML single sign-on (SSO) authentication with the
A new attack campaign dubbed CLOUD#REVERSER has been observed leveraging legitimate cloud storage services like Google Drive and Dropbox to stage malicious payloads. "The VBScript and PowerShell scripts in the CLOUD#REVERSER inherently involves command-and-control-like activities by using Google Drive and Dropbox as staging platforms to manage file uploads and downloads," Securonix
US businesses are believed to have recruited thousands of North Korean IT workers, sending earnings (and potentially data) to North Korea. Read more in my article on the Hot for Security blog.
The prerequisites for becoming a security elite create a skills ceiling that is tough to break through – especially when it comes to hiring skilled EDR or XDR operators. How can businesses crack this conundrum?
Source: www.cyberdefensemagazine.com – Author: Stevin By Shirley Salzman, CEO and Co-Founder, SeeMetrics As all eyes are on the updated NIST CSF 2.0 publication, some of the spoilers have already been published – now security leaders not only need to identify, protect, detect, respond and recover; they also need to govern. Most of the CISO’s C-Suite […] The post Unlocking the Power of Governance in Cybersecurity: NIST CSF 2.0 Introduces ‘Govern’ to Redefine CISO Leadership in 2024 – Source: www.cyberdefensemagazine.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: www.cybertalk.org – Author: slandau With more than 15 years of experience in cyber security, Manuel Rodriguez is currently the Security Engineering Manager for the North of Latin America at Check Point Software Technologies, where he leads a team of high-level professionals whose objective is to help organizations and businesses meet their cyber security needs. […] The post How platformization is transforming cyber security – Source: www.cybertalk.org was first published on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: go.theregister.com – Author: Team Register Big Tech isn’t much help if you’re an activist trying to work against a military junta, and FOSS tools aren’t a great alternative either, according to opponents of Myanmar’s military regime. Register readers may recall that the regime came to power in 2021, when the military cut off internet […] The post Big Tech is not much help when fighting a junta, and FOSS doesn’t ride to the rescue – Source: go.theregister.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: go.theregister.com – Author: Team Register Securing open source software may soon become a little bit easier thanks to a new vulnerability info-sharing effort initiated by the Open Source Security Foundation (OpenSSF). Dubbed OpenSSF Siren, the threat intelligence sharing group aims to “aggregate and disseminate threat intelligence” to provide real-time security warning bulletins and deliver […] The post OpenSSF sings a Siren song to steer developers away from buggy FOSS – Source: go.theregister.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: go.theregister.com – Author: Team Register WikiLeaks founder Julian Assange can appeal his extradition to the US from the UK, the High Court of England and Wales ruled Monday. Assange, an Australian citizen, has spent the past five years in a London prison as Uncle Sam has sought to haul him over to America where […] The post Julian Assange can appeal extradition to the US, London High Court rules – Source: go.theregister.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: go.theregister.com – Author: Team Register Updated Google has taken a victory lap in the wake of high-profile intrusions into Microsoft’s systems, and says businesses should ditch Exchange and OneDrive for Gmail and Google Drive. Google’s arguments are laid out in a white paper [PDF] released today titled, “A more secure alternative,” which takes 14 […] The post Google takes shots at Microsoft for shoddy security record with enterprise apps – Source: go.theregister.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: go.theregister.com – Author: Team Register Updated Police in multiple major US cities have figured out a trick to circumvent bans on facial recognition technology. Just ask a friend in a city without any such restrictions to do it for you. It’s not immediately clear how widespread such side-stepping of facial recognition restrictions in the […] The post Can I phone a friend? How cops circumvent face recognition bans – Source: go.theregister.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: go.theregister.com – Author: Team Register Infosec boffins say they were forced to go public after QNAP failed to fix various vulnerabilities that were reported to it months ago. Researchers at watchTowr said on Friday that they drilled into QNAP’s QTS, QuTSCLoud, and QTS hero operating systems and found 15 vulnerabilities, with only four of […] The post Researchers call out QNAP for dragging its heels on patch development – Source: go.theregister.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: go.theregister.com – Author: Team Register The US Department of Justice and Bytedance spent a rare moment unified on Friday when the duo asked for a fast-tracked court schedule for the Chinese short video app's divest-or-ban case. The duo, along with eight content creators, petitioned the Court of Appeals for the District of […] The post DoJ, ByteDance ask court: Hurry up and rule on TikTok ban already – Source: go.theregister.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: thehackernews.com – Author: . May 21, 2024 Newsroom Cyber Attack / API Security Cybersecurity researchers have discovered a critical security flaw in a popular logging and metrics utility called Fluent Bit that could be exploited to achieve denial-of-service (DoS), information disclosure, or remote code execution. The vulnerability, tracked as CVE-2024-4323, has been codenamed Linguistic Lumberjack by […] The post “Linguistic Lumberjack” Vulnerability Discovered in Popular Logging Utility Fluent Bit – Source: thehackernews.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: www.bleepingcomputer.com – Author: Sergiu Gatlan A critical Fluent Bit vulnerability that can be exploited in denial-of-service and remote code execution attacks impacts all major cloud providers and many technology giants. Fluent Bit is an extremely popular logging and metrics solution for Windows, Linux, and macOS embedded in major Kubernetes distributions, including those from Amazon […] The post Critical Fluent Bit flaw impacts all major cloud providers – Source: www.bleepingcomputer.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: www.bleepingcomputer.com – Author: Bill Toulas The California-based imaging sensors manufacturer OmniVision is warning of a data breach after the company suffered a Cactus ransomware attack last year. OmniVision, a subsidiary of the Chinese Will Semiconductor, designs and develops imaging sensors for smartphones, laptops, webcams, automotive, medical imaging systems, and others. In 2023, the company employed […] The post OmniVision discloses data breach after 2023 ransomware attack – Source: www.bleepingcomputer.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: www.darkreading.com – Author: Robert Lemos, Contributing Writer The North Korean government has dispatched thousands of tech-savvy workers to China, Russia, and other countries in Eastern Europe, Southeast Asia, and Africa to infiltrate freelance networks and find jobs where they have access to sensitive data and systems, according […] The post DoJ Shakes Up North Korea's Widespread IT Freelance Scam Operation – Source: www.darkreading.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: www.darkreading.com – Author: Jai Vijayan, Contributing Writer Google is using a recent report from the US Cyber Safety Review Board (CSRB) that was critical of Microsoft’s security practices to make a case for its own Google Workspace suite of cloud-hosted email and office productivity apps. In two separate blogs — […] The post Google Pitches Workspace as Microsoft Email Alternative, Citing CSRB Report – Source: www.darkreading.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: www.darkreading.com – Author: Dark Reading Staff Identity management provider CyberArk announced it will acquire Venafi from Thoma Bravo for more than $1.5 billion to expand into end-to-end machine identity security. Venafi provides machine identity management that CyberArk’s chief strategy officer Clarence Hinton explains will position […] The post CyberArk Picks Up Machine Identity Manager Venafi For $1.54B – Source: www.darkreading.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: www.darkreading.com – Author: PRESS RELEASE PALO ALTO, Calif., May 16, 2024 – HP Inc. (NYSE: HPQ) today issued its quarterly HP Wolf Security Threat Insights Report, showing attackers are relying on open redirects, overdue invoice lures, and Living-off-the-Land (LotL) techniques to sneak past defences. The report provides an analysis of real-world cyberattacks, helping organizations to […] The post HP Catches Cybercriminals 'Cat-Phishing' Users – Source: www.darkreading.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: www.darkreading.com – Author: PRESS RELEASE BOSTON, May 20, 2024 /PRNewswire/ — CyEx, a leading provider of cyber and data breach response solutions, has announced the acquisition of Simpluris Inc., an award-winning class action settlement administrator for legal, financial and corporate administration services. The acquisition will enable CyEx to access new channels and provide vital data breach restitution to […] The post Data Breach Response Provider, CyEx, Acquires Settlement Administrator, Simpluris Inc. – Source: www.darkreading.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: www.darkreading.com – Author: PRESS RELEASE New York, NY – May 20, 2024 – Deepfakes are now the second most common cybersecurity incident encountered by businesses in the past year, trailing only behind malware infections, according to research by ISMS.online, the auditor-approved compliance platform. Astonishingly, over a third of businesses across the US have experienced a […] The post Deepfakes Rank As the Second Most Common Cybersecurity Incident for US Businesses – Source: www.darkreading.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: www.darkreading.com – Author: PRESS RELEASE ATLANTA, Ga., May 20, 2024 /PRNewswire-PRWeb/ — ZeroRisk Cybersecurity, a leading provider of innovative risk and compliance management solutions to the payment industry, is thrilled to announce the launch of its U.S. operations including the opening of its first U.S. office, marking a significant milestone in the company’s global expansion strategy. […] The post ZeroRisk Cybersecurity Expands Global Presence With US Launch – Source: www.darkreading.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: www.darkreading.com – Author: PRESS RELEASE ARLINGTON, Va. – The National Rural Electric Cooperative Association has been awarded $4 million from the Department of Energy to launch Project Guardian, an initiative to advance the cybersecurity posture of electric co-ops by giving them new tools to detect, respond to and recover from cyber threats and attacks. The […] The post NRECA Receives $4M in DOE Funding to Boost Electric Co-op Cybersecurity Preparedness – Source: www.darkreading.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: www.databreachtoday.com – Author: 1 Security Information & Event Management (SIEM), Security Operations, Security Operations Center (SOC) QRadar SaaS SIEM Customers Will Be Migrated to XSIAM as Part of $500M Transaction Michael Novinson (MichaelNovinson) • May 21, 2024 Nikesh Arora, chairman and CEO, Palo Alto Networks (Image: Palo Alto Networks) Palo […] The post Nikesh Arora on Why Palo Alto Networks Is Buying IBM QRadar – Source: www.databreachtoday.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: www.databreachtoday.com – Author: 1 Ravisha Chugh Product Marketer, Fortra Ravisha Chugh is Product Marketing Lead at Fortra. With over a decade of experience in cybersecurity, Ravisha is passionate about helping organizations keep their digital information safe. She understands the proactive measures and implementation strategies required to protect sensitive information over email and guard against […] The post Navigating the Cyber Threat Landscape with a Human-Centric Approach – Source: www.databreachtoday.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: www.troyhunt.com – Author: Troy Hunt We often do that in this industry, the whole “1.0” thing, but it seems apt here. I started Have I Been Pwned (HIBP) in 2013 as a pet project that scratched an itch, so I never really thought of myself as an “employee”. Over time, it grew (and I […] The post Have I Been Pwned Employee 1.0: Stefán Jökull Sigurðarson – Source: www.troyhunt.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: news.sophos.com – Author: Karl Ackerman We’re thrilled to share a major update for our NDR (Network Detection and Response) product: customers can now deploy NDR on certified hardware to support high traffic volume environments. Key benefits When deployed on supported virtual appliances (VMWare ESXi, MS HyperV, and AWS AMI), Sophos NDR is currently limited […] The post Sophos NDR support for certified hardware deployments – Source: news.sophos.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: www.schneier.com – Author: Bruce Schneier From Slashdot: Apple and Google have launched a new industry standard called “Detecting Unwanted Location Trackers” to combat the misuse of Bluetooth trackers for stalking. Starting Monday, iPhone and Android users will receive alerts when an unknown Bluetooth device is detected moving with them. The move comes after numerous […] The post Detecting Malicious Trackers – Source: www.schneier.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: thehackernews.com – Author: . May 21, 2024 Newsroom Vulnerability / Software Development GitHub has rolled out fixes to address a maximum severity flaw in the GitHub Enterprise Server (GHES) that could allow an attacker to bypass authentication protections. Tracked as CVE-2024-4985 (CVSS score: 10.0), the issue could permit unauthorized access to an instance without requiring prior […] The post Critical GitHub Enterprise Server Flaw Allows Authentication Bypass – Source: thehackernews.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: thehackernews.com – Author: . May 21, 2024 Newsroom Cloud Security / Data Security A new attack campaign dubbed CLOUD#REVERSER has been observed leveraging legitimate cloud storage services like Google Drive and Dropbox to stage malicious payloads. “The VBScript and PowerShell scripts in the CLOUD#REVERSER inherently involves command-and-control-like activities by using Google Drive and Dropbox as staging […] The post Malware Delivery via Cloud Services Exploits Unicode Trick to Deceive Users – Source: thehackernews.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.
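Both CLOUD#REVERSER summaries on this page (the earlier Hacker News item and this repost) mention a Unicode trick used to deceive users into opening the dropped file, without saying what it is. The added example below, which is not code from Securonix or from either article, assumes the trick is a Unicode bidirectional override in the file name, the classic way to make an executable display with a document extension, and shows a filename check a mail gateway or download scanner could run. It also flags the plainer double-extension lure. The sample names are constructed, not taken from the campaign.

```python
from pathlib import PurePosixPath

# Unicode bidirectional formatting characters. Assumption: the "Unicode trick"
# is one of these; the summaries on this page do not name the character.
BIDI_CONTROLS = {
    "\u202a": "LRE", "\u202b": "RLE", "\u202c": "PDF",
    "\u202d": "LRO", "\u202e": "RLO",
    "\u2066": "LRI", "\u2067": "RLI", "\u2068": "FSI", "\u2069": "PDI",
}
RLO = "\u202e"

EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".bat", ".cmd", ".js", ".jse", ".vbs",
                   ".vbe", ".wsf", ".hta", ".pif", ".lnk", ".ps1", ".msi"}
DECOY_EXTS = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".ppt", ".pptx",
              ".txt", ".jpg", ".jpeg", ".png", ".zip"}


def strip_controls(name: str) -> str:
    return "".join(c for c in name if c not in BIDI_CONTROLS)


def visible_name(name: str) -> str:
    """Approximate what a user sees in a file list. Handles the common single-RLO
    lure: everything after the last RLO renders right-to-left, i.e. reversed."""
    if RLO in name:
        head, _, tail = name.rpartition(RLO)
        name = head + tail[::-1]
    return strip_controls(name)


def suffix_of(name: str) -> str:
    return PurePosixPath(name).suffix.lower()


def analyze_filename(name: str) -> dict:
    reasons = []
    controls = [f"{BIDI_CONTROLS[c]}@{i}" for i, c in enumerate(name) if c in BIDI_CONTROLS]
    stripped = strip_controls(name)
    true_ext = suffix_of(stripped)            # what the OS will actually run
    seen_ext = suffix_of(visible_name(name))  # what the user believes they clicked
    if controls:
        reasons.append("bidi control characters: " + ", ".join(controls))
    if true_ext in EXECUTABLE_EXTS and seen_ext != true_ext:
        reasons.append(f"visible extension {seen_ext or '(none)'} hides executable {true_ext}")
    inner = [s.lower() for s in PurePosixPath(stripped).suffixes[:-1]]
    if true_ext in EXECUTABLE_EXTS and any(s in DECOY_EXTS for s in inner):
        reasons.append(f"double extension: decoy {inner[-1]} before {true_ext}")
    return {
        "name": name,
        "visible": visible_name(name),
        "true_extension": true_ext,
        "suspicious": bool(reasons),
        "reasons": reasons,
    }


# Constructed sample names for the demonstration.
SAMPLE_NAMES = [
    "quarterly_report.xlsx",      # benign
    "Invoice_\u202efdp.exe",      # renders as Invoice_exe.pdf, runs as .exe
    "photo.jpg.scr",              # double extension
    "setup.exe",                  # an honest executable is not a lure by itself
]


def scan(names=SAMPLE_NAMES) -> list:
    """Return the analysis records for every name that trips a rule."""
    return [r for r in (analyze_filename(n) for n in names) if r["suspicious"]]


if __name__ == "__main__":
    for r in scan():
        print(f"{r['name']!r} shows as {r['visible']!r}: {'; '.join(r['reasons'])}")
```

The visible-name rendering is deliberately simple (one RLO, no nested isolates); for a gateway rule the presence of any bidi control in a file name is already enough to quarantine, since legitimate attachments essentially never contain them.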
Source: thehackernews.com – Author: . May 21, 2024 Newsroom Data Breach / Malware The persistent threat actors behind the SolarMarker information-stealing malware have established a multi-tiered infrastructure to complicate law enforcement takedown efforts, new findings from Recorded Future show. “The core of SolarMarker’s operations is its layered infrastructure, which consists of at least two clusters: a primary […] The post SolarMarker Malware Evolves to Resist Takedown Attempts with Multi-Tiered Infrastructure – Source: thehackernews.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.