Veeam, a leading provider of data management solutions, has issued a critical warning to its customers about a vulnerability discovered in its Backup Enterprise Manager (VBEM) platform. Tracked as CVE-2024-29849, the vulnerability allows unauthorized attackers to gain access to any account through the VBEM system.

VBEM is a web-based tool that gives administrators a centralized platform for managing Veeam Backup & Replication installations. It streamlines backup operations and restoration tasks across large backup infrastructures and organizational deployments.

Understanding the Veeam Vulnerability List

According to the official advisory, VBEM is not enabled by default, so not every environment is exposed to exploitation of CVE-2024-29849. Veeam has nevertheless rated the vulnerability with a CVSS base score of 9.8, reflecting the severity of its exploitability.

Alongside CVE-2024-29849, several other vulnerabilities have been identified in VBEM: CVE-2024-29850, CVE-2024-29851 and CVE-2024-29852. They vary in severity, with some allowing account takeover and unauthorized access to sensitive data.

Veeam has addressed these issues in Veeam Backup Enterprise Manager version 12.1.2.172. This release ships with Veeam Backup & Replication 12.1.2 (build 12.1.2.172) and is the complete fix for the identified vulnerabilities.

Mitigation Against the Veeam Vulnerabilities

Immediate patching is recommended. For customers unable to patch right away, Veeam recommends stopping the VBEM software and disabling the services associated with it. This temporary workaround reduces the risk of exploitation until the system is fully patched.

Uninstalling Veeam Backup Enterprise Manager removes only the application; the configuration database and stored data remain intact. Reinstalling with the preserved settings is straightforward, but manually deleting the database is recommended if it will not be reused. The steps to uninstall VBEM are:

1. From the Control Panel, open Programs and Features.
2. Find Veeam Backup & Replication, right-click it and select Uninstall.
3. Ensure the checkbox next to Veeam Backup Enterprise Manager is selected, then click Remove.

Veeam also emphasized the importance of regular vulnerability testing, particularly against actively supported versions of Veeam Backup & Replication. By staying vigilant and proactive in addressing security vulnerabilities, organizations can strengthen their overall cybersecurity posture and guard against potential threats.

Additional vulnerabilities have also been reported in other Veeam products, including the Veeam Service Provider Console (VSPC) server and Veeam Recovery Orchestrator. These vulnerabilities, including CVE-2024-29212 and CVE-2024-22022, underline the importance of ongoing security assessments and prompt patching.

Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.
A Georgia man was sentenced to 10 years in prison after being convicted of money laundering and conspiracy in connection with a digital fraud network that ran business email compromise (BEC) attacks, romance scams and health care benefits fraud, the U.S. Department of Justice announced.

Malachi Mullings, 31, of Sandy Springs, scammed more than $4.5 million from his victims and laundered the proceeds through 20 bank accounts opened in the name of a shell company, The Mullings Group LLC. The scams relied on a variety of techniques common to BEC schemes and targeted elderly individuals, a health care benefit program, private companies and romance scam victims.

“In one instance, Mullings laundered $310,000 that was fraudulently diverted from a state Medicaid program and had been intended as reimbursement for a hospital,” the Justice Department said. In another, Mullings obtained $260,000 from a romance scam, which he used to buy a Ferrari.

The sentencing follows Mullings' guilty plea in January 2023 to one count of conspiracy to commit money laundering and seven counts of various money laundering offenses. Mullings was first charged in February 2022, along with nine others from multiple states across the country. All were charged in connection with business email compromise, money laundering and wire fraud schemes that targeted Medicare, state Medicaid programs, private health insurers and numerous other victims, resulting in more than $11.1 million in total losses.

“These defendants defrauded numerous individuals, companies, and federal programs, resulting in millions of dollars in financial losses to vital federal programs meant to provide assistance to those in need,” said U.S. Attorney Ryan Buchanan at the time.

“Millions of American citizens rely on Medicaid, Medicare, and other health care systems for their health care needs. These subjects utilized complex financial schemes, such as BECs and money laundering, to defraud and undermine health care systems across the United States,” said Luis Quesada, who at the time was Assistant Director of the FBI’s Criminal Investigative Division. “Elder fraud and romance fraud schemes utilized by the subjects often target our most vulnerable citizens and the FBI is committed to pursuing justice for those who were victimized by these schemes.”

Together, the fraud schemes of these 10 scammers deceived five state Medicaid programs, two Medicare Administrative Contractors and two private health insurers into making payments to them and their co-conspirators instead of depositing the reimbursement payments into bank accounts belonging to the hospitals.

Elder Fraud Growing: FBI Data

Elder fraud complaints increased by 14% in 2023, according to a recently released report by the FBI’s Internet Crime Complaint Center (IC3). Losses reported by those over the age of 60 reached $3.4 billion, an increase of almost 11% over the losses reported in 2022. While tech support scams were the most widely reported kind of elder fraud, personal data breaches, confidence and romance scams, non-payment or non-delivery scams, and investment scams rounded out the five most common types of elder fraud reported to IC3 last year.

[Figure: Source: IC3]

Investment scams were the costliest form of elder fraud in 2023, costing victims more than $1.2 billion. Tech support scams, business email compromise scams, confidence and romance scams, government impersonation scams, and personal data breaches each cost victims hundreds of millions of dollars in 2023.

[Figure: Source: IC3]

At the state level, Florida ranked second in the country for both the number of complaints and reported losses. “It’s disturbing to hear the stories of financial hardship these schemes create,” said FBI Tampa Field Office Special Agent Rodney Crawford.

“Combatting the financial exploitation of those over 60 years of age continues to be a priority of the FBI,” said FBI Assistant Director Michael Nordwall, who leads the Bureau’s Criminal Investigative Division. “Along with our partners, we continually work to aid victims and to identify and investigate the individuals and criminal organizations that perpetrate these schemes and target the elderly.”

The agency regards elder fraud as a more insidious threat than the report shows. Many of these crimes likely go unreported, and “only about half” of the fraud complaints that reach IC3 include the relevant data, the report said.
The U.S. Securities and Exchange Commission (SEC) announced today that a major player in the U.S. financial system has agreed to pay a $10 million penalty for failing to report an April 2021 VPN breach in a timely manner.

The Intercontinental Exchange Inc. (ICE), which owns the New York Stock Exchange (NYSE) and a number of other major financial interests, will pay the penalty to settle charges that it “caused the failure of nine wholly-owned subsidiaries, including the New York Stock Exchange, to timely inform the SEC of a cyber intrusion as required by Regulation Systems Compliance and Integrity (Regulation SCI),” the agency said in a press release.

The SEC learned of the ICE breach only after contacting the company, several days after the breach occurred, while assessing reports of similar vulnerabilities. Regulation SCI requires immediate reporting of cybersecurity incidents and an update within 24 hours if the incident is significant.

The SEC said in its order that a third party, identified only as “Company A,” informed ICE that it was potentially impacted by a system intrusion involving a zero-day VPN vulnerability. The following day, ICE “identified malicious code associated with the threat actor that exploited the vulnerability on one of its VPN concentrators, reasonably concluding that it was ... indeed subject to the Intrusion.”

Over the next several days, ICE and its internal InfoSec team took steps to analyze and respond to the intrusion, including taking the compromised VPN device offline, forensically examining it, and reviewing user VPN sessions to identify any intrusions or data exfiltration, the SEC said. ICE also retained a cybersecurity firm to conduct a parallel forensic investigation and worked with the VPN device manufacturer “to confirm the integrity of ICE’s network environment.”

Five days after being notified of the vulnerability, ICE InfoSec personnel concluded that the threat actor’s access was limited to the compromised VPN device. At that point, “four days after first having had a reasonable basis to conclude that unauthorized entry ... had occurred,” legal and compliance personnel at ICE’s regulated subsidiaries were finally notified of the intrusion, the SEC order said.

“As a result of ICE’s failures, those subsidiaries did not properly assess the intrusion to fulfill their independent regulatory disclosure obligations under Regulation SCI,” the SEC press release said.

“The reasoning behind the rule is simple: if the SEC receives multiple reports across a number of these types of entities, then it can take swift steps to protect markets and investors,” Gurbir S. Grewal, Director of the SEC’s Division of Enforcement, said in a statement. “Here, the respondents subject to Reg SCI failed to notify the SEC of the intrusion at issue as required. Rather, it was Commission staff that contacted the respondents in the process of assessing reports of similar cyber vulnerabilities.”

The order and penalty reflect not only the seriousness of the violations but also the fact that several of the respondents have been the subject of prior SEC enforcement actions, including for violations of Reg SCI, Grewal added.

Among the ICE subsidiaries involved in the case were Archipelago Trading Services, Inc., NYSE Arca, Inc., ICE Clear Credit LLC, and the Securities Industry Automation Corporation (SIAC), all of which agreed to a cease-and-desist order in addition to ICE’s monetary penalty.

VPN devices have come under increased scrutiny in recent days. The Norwegian National Cyber Security Centre last week issued an advisory recommending that SSLVPN and WebVPN solutions be replaced with more secure alternatives, citing the repeated exploitation of vulnerabilities in edge network devices. The advisory followed a notice from the NCSC about a targeted attack on SSLVPN products in which attackers exploited multiple zero-day vulnerabilities in Cisco ASA VPN devices used to power critical infrastructure facilities. The campaign had been observed since November 2023.
The difficulty of defending against the misuse of AI, and possible solutions to it, was the topic of a U.S. congressional hearing today. Data security and privacy officials and advocates were among those testifying before the House Committee on Homeland Security at a hearing titled “Advancing Innovation (AI): Harnessing Artificial Intelligence to Defend and Secure the Homeland.” The committee plans to include AI in legislation it is drafting, said chairman Mark E. Green (R-TN).

From cybersecurity and privacy threats to election interference and nation-state attacks, the hearing highlighted AI’s wide-ranging threats and the challenges of mounting a defense. Nonetheless, the four panelists, representing technology and cybersecurity companies and a public interest group, put forward some ideas, both technological and regulatory.

Cybercrime Gets Easier

Much of the testimony, and many of the concerns raised by committee members, focused on the advantages AI has given cybercriminals and nation-state actors, advantages that cybersecurity officials say must be countered by increasingly building AI into defensive products.

“AI is democratizing the threat landscape by providing any aspiring cybercriminal with easy-to-use, advanced tools capable of achieving sophisticated outcomes,” said Ajay Amlani, senior vice president at biometric company iProov. “The crime as a service dark web is very affordable. The only way to combat AI-based attacks is to harness the power of AI in our cybersecurity strategies.”

AI can also help cyber defenders make sense of the overwhelming volume of data and alerts they have to contend with, said Michael Sikorski, CTO of Palo Alto Networks’ Unit 42. “To stop the bad guys from winning, we must aggressively leverage AI for cyber defense,” said Sikorski, who detailed some of the “transformative results” customers have achieved with AI-enhanced products. “Outcomes like these are necessary to stop threat actors before they can encrypt systems or steal sensitive information, and none of this would be possible without AI,” Sikorski added.

Sikorski said organizations must adopt “secure AI by design” principles and AI usage oversight. “Organizations will need to secure every step of the AI application development lifecycle and supply chain to protect AI data from unauthorized access and leakage at all times,” he said, noting that the principles align with the NIST AI risk management framework released last month.

Election Security and Disinformation Loom Large

Ranking member Bennie Thompson (D-MS) asked the panelists what can be done to improve election security and defend against interference, issues of critical importance in a presidential election year.

Amlani said digital identity could play an important role in combating disinformation and interference, principles included in section 4.5 of President Biden’s National Cyber Security Strategy that have yet to be implemented. “Our country is one of the only ones in the western world that doesn't have a digital identity strategy,” Amlani said. “Making sure that it's the right person, it's a real person that's actually posting and communicating, and making sure that that person is in fact right there at that time, is a very important component to make sure that we know who it is that's actually generating content online. There is no identity layer to the internet currently today.”

Safe AI Use Guidelines Proposed by Public Policy Advocate

The most detailed proposal for addressing the AI threat came from Jake Laperruque, deputy director of the Security and Surveillance Project at the Center for Democracy and Technology, who argued that the “AI arms race” should proceed responsibly. “Principles for responsible use of AI technologies should be applied broadly across development and deployment,” Laperruque said.

Laperruque credited the Department of Homeland Security with starting the process through its recently published AI roadmap. He said government use of AI should be based on seven principles:

1. Built upon proper training data
2. Subject to independent testing and high performance standards
3. Deployed only within the bounds of the technology’s designed function
4. Used exclusively by trained staff and corroborated by human review
5. Subject to internal governance mechanisms that define and promote responsible use
6. Bound by safeguards to protect human rights and constitutional values
7. Regulated by institutional mechanisms for ensuring transparency and oversight

“If we rush to deploy AI quickly rather than carefully, it will harm security and civil liberties alike,” Laperruque concluded. “But if we establish a strong foundation now for responsible use, we can reap benefits well into the future.”
Rockwell Automation has urged customers to immediately disconnect all industrial control systems (ICS) that face the public internet, citing increasing malicious activity amid mounting geopolitical tensions worldwide as the reason for the recommendation. The company advised customers to disconnect any devices not specifically designed to face the public internet, such as its cloud and edge offerings. Air-gapping ICS systems from the public internet can significantly reduce an organization's attack surface and protect its critical infrastructure from cyber threats, the company's advisory said.

Rockwell Automation is a major provider of ICS products that has been in business for nearly a decade. Headquartered in Milwaukee, Wisconsin, the industrial automation giant offers Architecture and Software products for controlling customers' industrial processes, as well as Industrial Control Product Solutions such as intelligent motor control, industrial control products, application expertise and project management capabilities.

"Due to heightened geopolitical tensions and increased adversarial cyber activity globally, Rockwell Automation is issuing this notice urging all customers to take immediate action to assess whether they have devices facing the public internet and, if so, to urgently remove that connectivity for devices not specifically designed for public internet connectivity," Rockwell Automation stated.

Rockwell Automation Discourages Remote Connections to ICS

In its latest security advisory, Rockwell Automation stressed that network defenders should never configure ICS devices to allow remote connections from systems outside the local network. Disconnecting these systems from the public internet significantly reduces their attack surface and prevents threat actors from gaining direct access to vulnerable systems that may not yet have been patched, protecting internal networks from potential breaches.

Rockwell Automation has also cautioned customers to implement the necessary mitigations for several security vulnerabilities in its ICS devices. These vulnerabilities, identified by their CVE IDs, span several Rockwell products, including Logix Controllers, Studio 5000 Logix Designer and the FactoryTalk platforms:

CVE-2021-22681: Rockwell Automation Logix Controllers (Update A)
CVE-2022-1159: Rockwell Automation Studio 5000 Logix Designer
CVE-2023-3595: Rockwell Automation Select Communication Modules
CVE-2023-46290: Rockwell Automation FactoryTalk Services Platform
CVE-2024-21914: Rockwell Automation FactoryTalk View ME
CVE-2024-21915: Rockwell Automation FactoryTalk Service Platform
CVE-2024-21917: Rockwell Automation FactoryTalk Service Platform

Broader Efforts and Mitigation Actions for ICS Security

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) also issued an alert advising Rockwell customers to implement the recommended security measures, as these products are in use at many critical infrastructure organizations across the country. Earlier, in September 2022, the agency and the NSA issued recommendations and a "how-to guide" for reducing exposure across ICS and related operational technology.

The urgency of improving ICS security is further underlined by the collaborative efforts of multiple U.S. federal agencies, including the NSA, FBI and CISA, together with cybersecurity agencies from Canada and the U.K. These agencies have previously issued several public statements about the threat posed by hacktivists targeting critical infrastructure operations through unsecured OT systems. CISA has already recommended defensive measures for industrial control systems such as minimizing network exposure, isolating control system networks, and securing remote access through Virtual Private Networks (VPNs).

The present administration also issued the 2021 national security memorandum instructing CISA and NIST to develop cybersecurity performance goals for critical infrastructure operators, part of broader initiatives in recent years to secure critical infrastructure within the United States.
Thousands of GitHub Enterprise Server (GHES) instances in the United States that use SAML single sign-on (SSO) authentication are at high risk of compromise from a critical vulnerability for which a proof-of-concept exploit is now publicly available.

GitHub Enterprise Server, a self-hosted software development platform, runs as a self-contained virtual appliance. It helps teams build and ship software using Git version control, powerful APIs, productivity and collaboration tools, and integrations. GHES is recommended for enterprises subject to regulatory compliance requirements, as it avoids the issues that arise from using software development platforms in the public cloud.

GitHub rolled out fixes on Monday for a maximum-severity vulnerability in GitHub Enterprise Server that could allow an attacker to bypass authentication protections. The critical flaw, tracked as CVE-2024-4985, carries the highest possible CVSS rating because it allows attackers unauthorized access to the targeted instance without prior authentication.

“On instances that use SAML single sign-on (SSO) authentication with the optional encrypted assertions feature, an attacker could forge a SAML response to provision and/or gain access to a user with administrator privileges,” GitHub explained. GitHub said that encrypted assertions are not enabled by default. “Instances not utilizing SAML SSO or utilizing SAML SSO authentication without encrypted assertions are not impacted,” it added. Encrypted assertions improve the security of a GHES instance using SAML SSO by encrypting the messages that the SAML identity provider (IdP) sends.

GitHub noted that the vulnerability affects all versions of GHES prior to 3.13.0. It has been fixed in versions 3.9.15, 3.10.12, 3.11.10 and 3.12.4. Users upgrading to the patched releases may, however, encounter some issues. Known issues with the updated versions are:

- Custom firewall rules are removed during the upgrade process.
- During the validation phase of a configuration run, a “No such object” error may occur for the Notebook and Viewscreen services. This error can be ignored, as the services should still start correctly.
- If the root site administrator is locked out of the Management Console after failed login attempts, the account does not unlock automatically after the defined lockout time. Someone with administrative SSH access to the instance must unlock the account using the administrative shell.
- If an instance is configured to forward logs to a target server with TLS enabled, certificate authority (CA) bundles that a site administrator uploads using ghe-ssl-ca-certificate-install are not respected, and connections to the server fail.
- The "mbind: Operation not permitted" error in the /var/log/mysql/mysql.err file can be ignored. MySQL 8 does not gracefully handle the case where the CAP_SYS_NICE capability isn't required, and outputs an error instead of a warning.
- On an instance hosted in AWS, system time may lose synchronization with Amazon's servers after an administrator reboots the instance.
- On an instance with the HTTP X-Forwarded-For header configured for use behind a load balancer, all client IP addresses in the instance's audit log erroneously appear as 127.0.0.1.
- In some situations, large .adoc files stored in a repository do not render properly in the web UI. The raw contents are still available to view as plaintext.
- On an instance in a cluster configuration, restoration of a backup using ghe-restore will exit prematurely if Redis has not restarted properly.
- On an instance with GitHub Actions enabled, Actions workflows that deploy GitHub Pages sites may fail.
- Repositories originally imported using ghe-migrator will not correctly track Advanced Security contributions.

Thousands at Risk as PoC Goes Public

ODIN, an internet search engine by Cyble for attack surface management and threat intelligence, found that nearly 3,000 instances of GitHub Enterprise Server exposed to the internet are vulnerable to CVE-2024-4985. The largest share of currently unpatched, at-risk instances (2.09k) is in the U.S., followed at a distance by Ireland with 331 vulnerable instances. ODIN’s customers can use the query services.modules.http.title:"Github Enterprise" to track the vulnerable instances.

[Figure: Country-wise distribution of GitHub Enterprise Servers vulnerable to CVE-2024-4985 (Source: ODIN by Cyble)]

This maximum-severity bug needs urgent patching, as a proof-of-concept is now available on GitHub itself. The GitHub user who published it has provided step-by-step guidance on the PoC exploit, so widespread exploitation can be expected soon, if it is not already taking place.
The CyberNiggers hacker group plans to set up a new web domain of its own after losing the ability to communicate publicly following the seizure of BreachForums. On Tuesday the group shared its intention to carry forward the legacy of the leak forum and possibly create a similar illicit forum of its own.

Initially active on ShinyHunters' BreachForums, CyberNiggers members have used various platforms for coordination, including a Telegram channel known as 'Jacuzzi'. With the recent seizure of BreachForums by the FBI, however, the group is adapting its strategy and contemplating the launch of a new forum to fill the void left by the closure.

The Aftermath of the BreachForums Seizure

The seizure of BreachForums by the FBI marks a significant development in the ongoing battle against cybercrime. The platform, used by ransomware criminals to sell stolen corporate data, has now been brought under law enforcement scrutiny. With potential access to sensitive data such as email addresses, IP addresses and private messages, law enforcement agencies aim to expose and investigate members involved in criminal activity associated with the forum.

The FBI's appeal to victims and individuals for information highlights the gravity of the situation, seeking the public's cooperation in its investigations. Dedicated reporting channels have been established, including email, Telegram, TOX, and a page on the FBI’s Internet Crime Complaint Center (IC3) portal.

Despite debate over whether the forum was a honeypot, CyberNiggers' activities have moved beyond speculation. Notably, the group gained attention for allegedly offering General Electric data for sale towards the end of 2023, demonstrating its capacity to target critical entities, particularly in the US.

CyberNiggers Takes Aim at Numerous Targets Within a Short Span

Although CyberNiggers is perceived as a relatively small group, its impact should not be underestimated. Operating within BreachForums, it has attracted the attention of global surveillance agencies, including the Five Eyes. A prominent figure within the group, the Serbian hacker IntelBroker, has assumed a pivotal role, claiming many data breaches under his name.

The leaked data and cyberattacks claimed by the group pose multifaceted risks to targeted organizations and individuals alike. Potential consequences include reputational damage, financial losses and legal repercussions. Moreover, the exposure of sensitive data, such as military files, highlights the broader national security implications of CyberNiggers' activities.
El Centro Del Barrio, operating as CentroMed, an integrated primary care clinic, has confirmed a recent cyberattack, its second breach in a year. The earlier breach, disclosed in August 2023, involved unauthorized access by the Karakurt threat group, but the data was never released. In the current breach, hackers infiltrated CentroMed's systems and gained access to the personal data of around 400,000 current and former patients.

The CentroMed data breach raised concerns about the security of patient information and prompted the healthcare provider to take immediate action. According to CentroMed's data breach notice, the breach was discovered on May 1 after unusual activity was detected on its information technology (IT) network. Upon discovery, CentroMed swiftly took measures to secure its systems and launched an investigation. The preliminary investigation revealed that an unauthorized actor infiltrated the IT network on or around April 30 and accessed files containing sensitive information about current and former patients.

Decoding the CentroMed Data Breach

The compromised data included patient names, addresses, dates of birth, Social Security numbers, financial account details, medical records, health insurance information, diagnosis and treatment data, and claims information. The breach poses significant risks to the privacy and security of the individuals whose information was exposed.

In response to the cyberattack, CentroMed took several steps to mitigate the impact on affected individuals. It began notifying individuals whose information may have been compromised on May 17, and it established a dedicated toll-free call center to answer questions and concerns from affected individuals.

Expressing deep regret for the incident and the concern it may have caused, CentroMed assured the public that it was taking the matter seriously. To prevent similar incidents in the future, the healthcare provider said it had implemented additional safeguards and technical security measures to improve the protection and monitoring of its systems.

Mitigation Against the Cyberattack on CentroMed

Individuals whose information may have been affected by the CentroMed data breach were advised to take proactive steps to safeguard their personal information. These included reviewing statements from healthcare providers for any unfamiliar services, monitoring financial account statements for suspicious activity, and promptly reporting any suspicious activity to their financial institutions.

CentroMed also provided guidance on further steps individuals could take to protect their information, such as obtaining free credit reports and placing fraud alerts or security freezes on their credit files. It offered specific instructions for parents or guardians concerned about the security of their child's information in light of the breach.
Cybersecurity researchers have uncovered a sophisticated cryptojacking campaign that leverages vulnerable drivers to disable well-known security solutions, thereby evading detection. This technique, which lets attackers perform privileged actions by exploiting known flaws in signed drivers, is referred to as a Bring Your Own Vulnerable Driver (BYOVD) attack.

Campaign Deploys GHOSTENGINE Payload

Researchers from Elastic Security Labs identified the new cryptojacking campaign, which they track as REF4578. The campaign uses the GHOSTENGINE core payload to deactivate security tools, complete the initial infection, and execute a crypto-miner. Researchers from Antiy Labs also observed the campaign, referring to it as HIDDEN SHOVEL. The campaign was found to primarily target servers in China, with significant impacts also reported in Hong Kong, the Netherlands, Japan, the U.S., Germany, South Africa, and Sweden. The exact scope of the campaign and the identities of the threat actors behind it remain unknown.

The attack begins with the execution of an executable file named "Tiworker.exe," which masquerades as a legitimate Windows file. This executable runs a PowerShell script that retrieves an obfuscated script called "get.png" from the attacker's command-and-control (C2) server. The "get.png" script then attempts several actions, such as disabling Microsoft Defender Antivirus, clearing the Windows System and Security event logs, and creating scheduled tasks for persistence. The script also checks for a minimum of 10MB of free storage space before downloading additional malicious modules, including:

- aswArPot.sys: a vulnerable Avast driver used to terminate EDR processes.
- IObitUnlockers.sys: a vulnerable IObit driver used to delete security agent binaries.
- smartsscreen.exe: the core payload (GHOSTENGINE), responsible for deactivating security processes and executing the XMRig miner.
- oci.dll: a DLL used for persistence and for updating the malware.
- backup.png: a PowerShell script functioning as a backdoor for remote command execution.
- kill.png: a PowerShell script designed to inject and load an executable file that deletes security agents.

The PowerShell script creates multiple scheduled tasks to ensure persistence:

- "OneDriveCloudSync" runs a malicious service DLL every 20 minutes.
- "DefaultBrowserUpdate" runs a batch script every hour.
- "OneDriveCloudBackup" executes "smartsscreen.exe" every 40 minutes.

Subsequently, the XMRig miner is downloaded and executed to mine cryptocurrency. XMRig is a legitimate, high-performance, open-source application for mining the Monero cryptocurrency and is commonly used by threat actors. A configuration file directs all mined cryptocurrency to an attacker-controlled wallet.

The campaign incorporates several fallback mechanisms to ensure continued operation. If the primary C2 domains are unavailable, it uses backup servers and an FTP-based fallback system. The PowerShell script "kill.png" provides redundancy, with capabilities similar to those of "smartsscreen.exe" for deleting security agent binaries. The malware also uses a DLL file ("oci.dll"), loaded by a Windows service, to maintain additional persistence and download further updates from the C2 server.

Attackers Employ BYOVD Technique To Escalate Privileges and Evade Detection

The drivers exploited in the campaign run at ring 0, the highest privilege level offered by the operating system, allowing direct access to critical system resources. The threat actors exploit the Avast driver "aswArPot.sys" to terminate security processes and the IObit driver "IObitUnlockers.sys" to delete security agent binaries.

Because the attack evades Endpoint Detection and Response (EDR) systems, security teams defending against this campaign should monitor for unusual PowerShell execution, suspicious process activity, and network traffic to the identified crypto-mining pools. The researchers have provided YARA rules to help identify GHOSTENGINE infections. Additionally, organizations should consider blocking the creation of files by vulnerable drivers such as "aswArPot.sys" and "IObitUnlockers.sys."

The level of sophistication demonstrated in the REF4578/HIDDEN SHOVEL cryptojacking campaign makes it a cause for concern and demands urgent remediation.
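The task names, intervals, disguised ".png" scripts and driver names listed in this article make a compact hunting checklist. The following Python helper is an added example, not part of the article or of Elastic's or Antiy's tooling; it assumes a scheduled-task CSV export with the column names `TaskName`, `Task To Run` and `Repeat: Every` (the layout of `schtasks /query /fo CSV /v`), and all sample records in it are constructed.

```python
"""Hunting helper for the GHOSTENGINE / REF4578 indicators described above.

Added example, not part of the original article or of Elastic's or Antiy's
tooling. It checks constructed records against the indicators the article
lists: the three scheduled-task names with their run intervals, PowerShell
invoking ".png" files (the campaign's scripts masquerade as images), payload
file names, and the two vulnerable drivers abused in the BYOVD stage.
"""
import csv
import io
import ntpath
import re
from dataclasses import dataclass
from typing import Optional

# Scheduled-task names from the article -> re-run interval in minutes.
SUSPECT_TASKS = {
    "OneDriveCloudSync": 20,     # runs the malicious service DLL
    "DefaultBrowserUpdate": 60,  # runs a batch script
    "OneDriveCloudBackup": 40,   # runs smartsscreen.exe (GHOSTENGINE)
}
# Vulnerable signed drivers the campaign loads to gain ring 0 access.
SUSPECT_DRIVERS = {"aswarpot.sys", "iobitunlockers.sys"}
# Payload file names from the article. Names alone are a weak signal
# (oci.dll also exists as a legitimate library); pair with path/signature checks.
SUSPECT_PAYLOADS = ("smartsscreen.exe", "oci.dll")
# PowerShell executing a ".png" file (get.png, backup.png, kill.png).
PS_PNG = re.compile(r"powershell.*\.png", re.IGNORECASE)


@dataclass(frozen=True)
class Finding:
    kind: str    # "task-name", "task-command" or "driver"
    detail: str


def repeat_minutes(repeat_every: str) -> Optional[int]:
    """Convert a '0 Hour(s), 20 Minute(s)' style field to minutes (None if absent)."""
    hours = re.search(r"(\d+)\s*Hour", repeat_every)
    mins = re.search(r"(\d+)\s*Minute", repeat_every)
    total = (int(hours.group(1)) if hours else 0) * 60 + (int(mins.group(1)) if mins else 0)
    return total or None


def check_scheduled_tasks(csv_text: str) -> list[Finding]:
    """Flag tasks whose name/interval or command matches the article's indicators.

    Expects CSV with at least 'TaskName', 'Task To Run' and 'Repeat: Every'
    columns (assumed to follow the layout of `schtasks /query /fo CSV /v`).
    """
    findings = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        name = row["TaskName"].rsplit("\\", 1)[-1]   # strip the task folder path
        command = row["Task To Run"]
        interval = repeat_minutes(row.get("Repeat: Every") or "")
        if name in SUSPECT_TASKS:
            match = "matches" if interval == SUSPECT_TASKS[name] else "differs"
            findings.append(Finding("task-name", f"{name} (interval {interval} min, {match})"))
        if any(p in command.lower() for p in SUSPECT_PAYLOADS) or PS_PNG.search(command):
            findings.append(Finding("task-command", f"{name}: {command}"))
    return findings


def check_driver_files(paths) -> list[Finding]:
    """Flag file paths whose basename is one of the abused drivers."""
    return [Finding("driver", p) for p in paths
            if ntpath.basename(p).lower() in SUSPECT_DRIVERS]


# Constructed sample export (not real telemetry): benign tasks mixed with suspect ones.
SAMPLE_TASKS_CSV = r'''"TaskName","Task To Run","Repeat: Every"
"\Microsoft\Windows\Defrag\ScheduledDefrag","%windir%\system32\defrag.exe -c -h -k -g","N/A"
"\OneDriveCloudSync","rundll32.exe C:\ProgramData\oci.dll,Start","0 Hour(s), 20 Minute(s)"
"\DefaultBrowserUpdate","C:\ProgramData\update.bat","1 Hour(s), 0 Minute(s)"
"\OneDriveCloudBackup","C:\ProgramData\smartsscreen.exe","0 Hour(s), 40 Minute(s)"
"\Adobe Acrobat Update Task","C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe","N/A"
"\SystemHealth","powershell.exe -w hidden -c IEX(gc C:\ProgramData\get.png)","N/A"
'''

# Constructed sample of file-creation paths seen on a host.
SAMPLE_DRIVER_PATHS = [
    r"C:\Windows\System32\drivers\aswArPot.sys",
    r"C:\Windows\System32\drivers\tcpip.sys",
    r"C:\ProgramData\IObitUnlockers.sys",
]

if __name__ == "__main__":
    for f in check_scheduled_tasks(SAMPLE_TASKS_CSV) + check_driver_files(SAMPLE_DRIVER_PATHS):
        print(f.kind, "|", f.detail)
```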
Researchers discovered that a flaw in Atlassian's Bitbucket code repository tool allowed threat actors to breach AWS accounts using authentication secrets that were leaked in plaintext in Bitbucket artifacts. Bitbucket provides a way to store variables, allowing developers to quickly reference them when writing code. Administrators can also mark variables as "secured" in Bitbucket Pipelines to prevent their values from being read in plaintext. However, the recently discovered flaw in this system could cause artifact objects generated during pipeline runs to expose these secured variables in plaintext.

BitBucket Artifacts Contain Secrets in Plaintext

The Bitbucket Pipelines CI/CD service integrated within Bitbucket uses artifact objects to store variables, files, and directories for use in subsequent stages of the build and testing process. Bitbucket's "Secured Variables" feature is stated to store sensitive information such as AWS keys securely: the values are encrypted within the Bitbucket environment, preventing direct access to them and logging of them. Developers sometimes use the printenv command to write all environment variables, including secured variables, into a text file that is then included in an artifact object. However, researchers from Mandiant discovered that a critical flaw in this system causes artifact objects generated during pipeline runs to contain these secured variables in plaintext. Because developers are not aware that these secrets are exposed in artifact files, they may inadvertently push the secret values to public repositories, where threat actors can steal them. The researchers state that a threat actor could simply open the text-file artifacts to view the sensitive variables in plaintext, easily stealing authentication secrets that can then be used to steal data or perform other malicious activity. The researchers noted instances where development teams used Bitbucket artifacts in web application source code for troubleshooting, unknowingly exposing plaintext values of secret keys. This led to the exposure of these keys on the public internet, allowing attackers to leverage them for unauthorized access.

Researchers Share Guide on Replicating BitBucket Vulnerability

The researchers shared step-by-step instructions for recreating the leak of secrets within a Bitbucket environment as proof of the vulnerability. The steps included defining a secured variable, updating the bitbucket-pipelines.yml file to create an environment artifact, and downloading and opening the artifact to view the exposed secrets.

The researchers shared the following recommendations to protect Bitbucket Pipelines secrets:

- Store secrets in a dedicated secrets manager and reference those variables in the code stored in your Bitbucket repository.
- Closely review Bitbucket artifact objects to ensure they are not exposing secrets as plaintext files.
- Deploy code scanning throughout the full lifecycle of your pipeline to catch secrets stored in code before they are deployed to production.

However, the researchers stated that the findings were not an indictment of Bitbucket but rather an observation of how quickly seemingly harmless behaviour can snowball into critical security problems.
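The second and third recommendations above (review artifact objects for plaintext secrets, scan the pipeline before deployment) can be automated. The Python below is an added example and not Mandiant's or Atlassian's code; the bitbucket-pipelines.yml fragment and the printenv output it scans are constructed samples, and the AWS key values are the placeholders AWS uses in its own documentation.

```python
"""Scan Bitbucket Pipelines configuration and artifacts for dumped secured variables.

Added example, not part of the original article or of Mandiant's or Atlassian's
tooling. Two checks: pipeline script lines that redirect the environment into a
file (which becomes a plaintext artifact when listed under `artifacts:`), and
artifact text files whose NAME=value lines look like credentials. Sample data
is constructed; AKIAIOSFODNN7EXAMPLE is AWS's documentation example key.
"""
import re

# AWS access key IDs are "AKIA" (long-term) or "ASIA" (temporary) + 16 upper-case chars.
AWS_ACCESS_KEY_ID = re.compile(r"\b(?:AKIA|ASIA)[0-9A-Z]{16}\b")
# Variable names that normally hold credentials.
SECRET_NAME = re.compile(r"(SECRET|TOKEN|PASSW(OR)?D|API_KEY|PRIVATE_KEY)", re.I)
# One NAME=value line of printenv output.
ENV_LINE = re.compile(r"^([A-Za-z_][A-Za-z0-9_]*)=(.*)$")
# A YAML script item that dumps the environment into a file: "- printenv > x" or "- env > x".
ENV_DUMP = re.compile(r"^\s*-\s*(printenv|env)\b.*>\s*\S+")


def find_env_dump_steps(pipeline_yaml: str) -> list[str]:
    """Return script lines in a bitbucket-pipelines.yml that redirect the
    environment into a file. Line-based on purpose, so no YAML parser is needed."""
    return [ln.strip() for ln in pipeline_yaml.splitlines() if ENV_DUMP.search(ln)]


def find_leaked_secrets(artifact_text: str) -> list[tuple[str, str]]:
    """Return (variable, reason) for printenv-style lines that look like secrets:
    the value has the AWS access key ID shape, or the name suggests a credential."""
    findings = []
    for line in artifact_text.splitlines():
        m = ENV_LINE.match(line)
        if not m:
            continue
        name, value = m.group(1), m.group(2)
        if AWS_ACCESS_KEY_ID.search(value):
            findings.append((name, "value matches AWS access key ID format"))
        elif SECRET_NAME.search(name) and value.strip():
            findings.append((name, "variable name suggests a credential"))
    return findings


def redact(artifact_text: str) -> str:
    """Replace the values of flagged variables with a marker, so an environment
    dump kept for troubleshooting no longer carries the secret itself."""
    flagged = {name for name, _ in find_leaked_secrets(artifact_text)}
    out = []
    for line in artifact_text.splitlines():
        m = ENV_LINE.match(line)
        out.append(f"{m.group(1)}=<redacted>" if m and m.group(1) in flagged else line)
    return "\n".join(out)


# Constructed bitbucket-pipelines.yml fragment: the printenv step turns the whole
# environment, secured variables included, into the build_env.txt artifact.
SAMPLE_PIPELINE = """\
pipelines:
  default:
    - step:
        name: Build
        script:
          - npm ci
          - npm run build
          - printenv > build_env.txt
        artifacts:
          - dist/**
          - build_env.txt
"""

# Constructed printenv output as it would appear inside that artifact.
SAMPLE_ARTIFACT = """\
BITBUCKET_BUILD_NUMBER=42
BITBUCKET_REPO_SLUG=payments-api
PATH=/usr/local/bin:/usr/bin:/bin
AWS_ACCESS_KEY_ID=AKIAIOSFODNN7EXAMPLE
AWS_SECRET_ACCESS_KEY=wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
DB_PASSWORD=correct-horse-battery-staple
APP_ENV=production
"""

if __name__ == "__main__":
    print("env-dump steps:", find_env_dump_steps(SAMPLE_PIPELINE))
    for name, reason in find_leaked_secrets(SAMPLE_ARTIFACT):
        print(f"{name}: {reason}")
    print(redact(SAMPLE_ARTIFACT))
```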
Hackers can spy on every keystroke on Honor, OPPO, Samsung, Vivo, and Xiaomi smartphones over the internet – alarming headlines like this have been circulating in the media over the past few weeks. Their origin was a rather serious study of vulnerabilities in keyboard traffic encryption. Attackers who are able to observe network traffic, for example through an infected home router, can indeed intercept every keystroke and uncover all your passwords and secrets. But don't rush to trade in your Android for an iPhone just yet – this only concerns Chinese-language input using the pinyin system, and only if the cloud prediction feature is enabled. Nevertheless, we thought it would be worth investigating the situation with other languages and keyboards from other manufacturers.

Why many pinyin keyboards are vulnerable to eavesdropping

The pinyin writing system, also known as the Chinese phonetic alphabet, helps users write Chinese words using Latin letters and diacritics. It's the official romanization system for the Chinese language, adopted by the UN among others. Drawing Chinese characters on a smartphone is rather inconvenient, so the pinyin input method is very popular, used by over a billion people according to some estimates. Unlike many other languages, word prediction for Chinese, especially in pinyin, is difficult to implement directly on a smartphone – it's a computationally complex task. Therefore, almost all keyboards (or more precisely, input methods – IMEs) use cloud prediction, meaning they instantaneously send the pinyin characters entered by the user to a server and receive word completion suggestions in return. Sometimes the cloud function can be turned off, but this reduces the speed and quality of Chinese input.

[Image: To predict the text entered in pinyin, the keyboard sends data to the server]

Of course, all the characters you type are accessible to the keyboard developers because of the cloud prediction system. But that's not all! Character-by-character data exchange requires special encryption, which many developers fail to implement correctly. As a result, all keystrokes and the corresponding predictions can be easily decrypted by outsiders.

You can find details about each of the errors found in the original source, but overall, of the nine keyboards analyzed, only the pinyin IME in Huawei smartphones had correctly implemented TLS encryption and resisted attacks. IMEs from Baidu, Honor, iFlytek, OPPO, Samsung, Tencent, Vivo, and Xiaomi were found to be vulnerable to varying degrees, with Honor's standard pinyin keyboard (Baidu 3.1) and QQ pinyin failing to receive updates even after the researchers contacted the developers. Pinyin users are advised to update their IME to the latest version and, if no updates are available, to download a different pinyin IME.

Do other keyboards send keystrokes?

There is no direct technical need for this. For most languages, word and sentence endings can be predicted directly on the device, so popular keyboards don't require character-by-character data transfer. Nevertheless, data about entered text may be sent to the server for personal dictionary synchronization between devices, for machine learning, or for other purposes not directly related to the primary function of the keyboard – such as advertising analytics. Whether you want such data to be stored on Google and Microsoft servers is a matter of personal choice, but it's unlikely that anyone would be interested in sharing it with outsiders. At least one such incident was publicized in 2016 – the SwiftKey keyboard was found to be predicting email addresses and other personal dictionary entries of other users. After the incident, Microsoft temporarily disabled the synchronization service, presumably to fix the errors. If you don't want your personal dictionary stored on Microsoft's servers, don't create a SwiftKey account, and if you already have one, deactivate it and delete the data stored in the cloud by following these instructions.

There have been no other widely known cases of typed text being leaked. However, research has shown that popular keyboards actively monitor metadata as you type. For example, Google's Gboard and Microsoft's SwiftKey send data about every word entered: language, word length, the exact input time, and the app in which the word was entered. SwiftKey also sends statistics on how much effort was saved: how many words were typed in full, how many were automatically predicted, and how many were swiped. Considering that both keyboards send the user's unique advertising ID to the headquarters, this creates ample opportunity for profiling – for example, it becomes possible to determine which users are corresponding with each other in any messenger. If you create a SwiftKey account and don't disable the Help Microsoft improve option, then according to the privacy policy, small samples of typed text may be sent to the server. How this works and the size of these small samples is unknown.

[Image: Help Microsoft improve what? Collecting your data?]

Google allows you to disable the Share Usage Statistics option in Gboard, which significantly reduces the amount of information transmitted: word lengths and the apps where the keyboard was used are no longer included.

[Image: Disabling the Share Usage Statistics option in Gboard significantly reduces the amount of information collected]

In terms of cryptography, data exchange in Gboard and SwiftKey did not raise any concerns among the researchers, as both apps rely on the standard TLS implementation in the operating system and are resistant to common cryptographic attacks. Therefore, traffic interception in these apps is unlikely. In addition to Gboard and SwiftKey, the authors also analyzed the popular AnySoftKeyboard app. It fully lived up to its reputation as a keyboard for privacy diehards by not sending any telemetry to servers.

Is it possible for passwords and other confidential data to leak from a smartphone?

An app doesn't have to be a keyboard to intercept sensitive data. For example, TikTok monitors all data copied to the clipboard, even though this function seems unnecessary for a social network. Malware on Android often activates accessibility features and administrator rights on smartphones to capture data from input fields and directly from the files of interesting apps. On the other hand, an Android keyboard can leak more than typed text. For example, the AI.Type keyboard caused a data leak affecting 31 million users. For some reason, it collected data such as phone numbers, exact geolocations, and even the contents of address books.

How to protect yourself from keyboard and input field spying

- Whenever possible, use a keyboard that doesn't send unnecessary data to the server. Before installing a new keyboard app, search the web for information about it – if there have been any scandals associated with it, they will show up immediately.
- If you're more concerned about the keyboard's convenience than its privacy (we don't judge, the keyboard is important), go through the settings and disable the synchronization and statistics transfer options wherever possible. These may be hidden under various names, including Account, Cloud, Help us improve, and even Audio donations.
- Check which Android permissions the keyboard needs and revoke any that it doesn't need. Access to contacts or the camera is definitely not necessary for a keyboard.
- Only install apps from trusted sources, check the app's reputation, and, again, don't give it excessive permissions.
- Use comprehensive protection for all your Android and iOS smartphones, such as Kaspersky Premium.
AI safety platform startup WitnessAI claims to help enterprises use AI safely and effectively with its platform addressing AI privacy, governance, and security.
Coming on the heels of Cisco buying Splunk, Palo Alto Networks acquiring IBM's QRadar, and LogRhythm merging with Exabeam, Snowflake's investment highlights the ongoing market pressure to improve SOC tools.
Startups at Innovation Sandbox 2024 brought clarity to artificial intelligence, protecting data from AI, and accomplishing novel security solutions with new models.
Mandiant warns that defenders must rethink how to thwart Chinese cyber-espionage groups now using professional "infrastructure-as-a-service" operational relay box networks of virtual private servers as well as hijacked smart devices and routers.
The previously unknown malware (aka Hidden Shovel) is a ghost in the machine: It silently attacks kernel drivers to shut down security defense systems and thus evade detection.
Federal and state regulators have introduced new rules and mandates aimed at holding organizations accountable when it comes to cybersecurity. Here's how to get ready.
Over 100 medical associations and industry groups, representing thousands of U.S. doctors and healthcare professionals, have urged the HHS to hold Change Healthcare accountable for breach notifications following a massive February ransomware attack.
Veeam warned customers today to patch a critical security vulnerability that allows unauthenticated attackers to sign into any account via the Veeam Backup Enterprise Manager (VBEM).
To enable E2EE, all meeting participants must join from the Zoom desktop or mobile app. While those hosting a meeting on a free account can use E2EE, they will still need to verify their phone number via an SMS-delivered code.
In a May 2024 update published ahead of the AI Seoul Summit 2024, co-hosted by the UK and South Korea on 21-22 May, the UK AISI shared the results of a series of tests performed on five leading AI chatbots.
Over 70% of water systems surveyed since last September failed to meet certain EPA security standards, leaving them vulnerable to cyberattacks that could disrupt wastewater and water sanitation systems nationwide, the EPA reported on Monday.
A malicious crypto mining campaign codenamed 'REF4578,' has been discovered deploying a malicious payload named GhostEngine that uses vulnerable drivers to turn off security products and deploy an XMRig miner.
The US government's Advanced Research Projects Agency for Health (ARPA-H) has pledged more than $50 million to fund the development of technology that aims to automate the process of securing hospital IT environments.
ShinyHunters disclosed to Hackread.com their suspicion that Baphomet may have surrendered backend credentials to the FBI, leading to the complete seizure of the forum’s Escrow, both dark web and clearnet domains.
Instant messaging app Snapchat has brought its artificial intelligence-powered tool into compliance after the U.K. data regulator said it violated the privacy rights of individual Snapchat users.
Cybersecurity researchers and Internet of Things (IoT) technology companies say they worked together to eliminate four software vulnerabilities that could have given malicious hackers deep access to networks.
Authelia is an open-source authentication and authorization server that offers 2FA and SSO for applications through a web portal. It works alongside reverse proxies to permit, deny, or redirect requests.
The core of SolarMarker’s operations is its layered infrastructure, which consists of at least two clusters: a primary one for active operations and a secondary one likely used for testing new strategies or targeting specific regions or industries.
I2P is an anonymizing network, offering a simple layer that identity-sensitive applications can use to securely communicate. All data is wrapped with several layers of encryption, and the network is both distributed and dynamic, with no trusted parties. This is the source code release version.
NorthStar C2, prior to commit 7674a44 on March 11, 2024, contains a vulnerability where the logs page is vulnerable to a stored cross-site scripting issue. An unauthenticated user can simulate an agent registration to trigger the cross-site scripting attack and take over a user's session. With this access, it is then possible to run a new payload on all of the NorthStar C2 compromised hosts (agents) and kill the original agent. Successfully tested against NorthStar C2 commit e7fdce148b6a81516e8aa5e5e037acd082611f73 running on Ubuntu 22.04. The agent was running on Windows 10 19045.
This Metasploit module exploits an unauthenticated remote code execution vulnerability in the WWBNIndex plugin of the AVideo platform. The vulnerability exists within the submitIndex.php file, where user-supplied input is passed directly to the require() function without proper sanitization. By exploiting this, an attacker can leverage the PHP filter chaining technique to execute arbitrary PHP code on the server. This allows for the execution of commands and control over the affected system. The exploit is particularly dangerous because it does not require authentication, making it possible for any remote attacker to exploit this vulnerability.
Ubuntu Security Notice 6782-1 - Multiple security issues were discovered in Thunderbird. If a user were tricked into opening a specially crafted website in a browsing context, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information, bypass security restrictions, perform cross-site tracing, or execute arbitrary code. Thomas Rinsma discovered that Thunderbird did not properly handle type checks when handling fonts in PDF.js. An attacker could potentially exploit this issue to execute arbitrary JavaScript code in PDF.js.
Ubuntu Security Notice 6777-3 - Zheng Wang discovered that the Broadcom FullMAC WLAN driver in the Linux kernel contained a race condition during device removal, leading to a use-after-free vulnerability. A physically proximate attacker could possibly use this to cause a denial of service. Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system.
Ubuntu Security Notice 6775-2 - Zheng Wang discovered that the Broadcom FullMAC WLAN driver in the Linux kernel contained a race condition during device removal, leading to a use-after-free vulnerability. A physically proximate attacker could possibly use this to cause a denial of service. Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system.
Taiwanese company QNAP has rolled out fixes for a set of medium-severity flaws impacting QTS and QuTS hero, some of which could be exploited to achieve code execution on its network-attached storage (NAS) appliances. The issues, which impact QTS 5.1.x and QuTS hero h5.1.x, are listed below - CVE-2024-21902 - An incorrect permission assignment for critical resource
Popular enterprise services provider Zoom has announced the rollout of post-quantum end-to-end encryption (E2EE) for Zoom Meetings, with support for Zoom Phone and Zoom Rooms coming in the future. "As adversarial threats become more sophisticated, so does the need to safeguard user data," the company said in a statement. "With the launch of post-quantum E2EE, we are doubling down on
Users of Veeam Backup Enterprise Manager are being urged to update to the latest version following the discovery of a critical security flaw that could permit an adversary to bypass authentication protections. Tracked as CVE-2024-29849 (CVSS score: 9.8), the vulnerability could allow an unauthenticated attacker to log in to the Veeam Backup Enterprise Manager web interface as
Cybersecurity researchers have discovered a new cryptojacking campaign that employs vulnerable drivers to disable known security solutions (EDRs) and thwart detection in what's called a Bring Your Own Vulnerable Driver (BYOVD) attack. Elastic Security Labs is tracking the campaign under the name REF4578 and the primary payload as GHOSTENGINE. Previous research from Chinese
An unknown threat actor is exploiting known security flaws in Microsoft Exchange Server to deploy a keylogger malware in attacks targeting entities in Africa and the Middle East. Russian cybersecurity firm Positive Technologies said it identified over 30 victims spanning government agencies, banks, IT companies, and educational institutions. The first-ever compromise dates back to 2021. "This
Rockwell Automation is urging its customers to disconnect all industrial control systems (ICSs) not meant to be connected to the public-facing internet to mitigate unauthorized or malicious cyber activity. The company said it's issuing the advisory due to "heightened geopolitical tensions and adversarial cyber activity globally." To that end, customers are required to take immediate
Since the first edition of The Ultimate SaaS Security Posture Management (SSPM) Checklist was released three years ago, the corporate SaaS sprawl has been growing at a double-digit pace. In large enterprises, the number of SaaS applications in use today is in the hundreds, spread across departmental stacks, complicating the job of security teams to protect organizations against
Cybersecurity researchers have disclosed details of a previously undocumented threat group called Unfading Sea Haze that's believed to have been active since 2018. The intrusion singled out high-level organizations in South China Sea countries, particularly military and government targets, Bitdefender said in a report shared with The Hacker News. "The investigation revealed a troubling
The United States Department of Justice has dealt a blow to dark web drug traffickers by arresting a man alleged to operate the dark web drugs marketplace Incognito Market. According to a DOJ press release, the alleged operator of a darknet platform sold over $100 million worth of narcotics worldwide. Read more in my article on the Hot for Security blog.
Source: www.cybertalk.org – Author: slandau EXECUTIVE SUMMARY: Historically, communicating the value of cyber security to the board has always been a challenge. Cyber security staff and solutions are typically out-of-sight and out-of-mind, until something goes terribly wrong. Although there isn't a single, uniform way to convey cyber security's value to the board, there are a […] The post 5 ways to effectively communicate cyber security value to the board – Source: www.cybertalk.org appeared first on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: www.lastwatchdog.com – Author: cybernewswire New York, NY, May 21, 2024, CyberNewsWire — Memcyco Inc., provider of digital trust technology designed to protect companies and their customers from digital impersonation fraud, released its inaugural 2024 State of Website Impersonation Scams report. Notably, Memcyco's research indicates that the majority of companies do not have adequate solutions […] The post News alert: Memcyco report reveals only 6% of brands can stop digital impersonation fraud – Source: www.lastwatchdog.com appeared first on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: www.lastwatchdog.com – Author: bacohido By Byron V. Acohido There was a lot of buzz at RSAC 2024 about how GenAI and Large Language Models (LLM) are getting leveraged — by both attackers and defenders. Related: Is your company moving too slow or too fast on GenAI? One promising example of the latter comes from […] The post RSAC Fireside Chat: IRONSCALES utilizes LLM, superior intel to stay a step ahead of Deepfakes – Source: www.lastwatchdog.com appeared first on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: www.lastwatchdog.com – Author: bacohido The open-source Chromium project seeded by Google more than a decade ago has triggered something of a web browser renaissance. Related: Browser attacks mount Browsers based on Chromium include Google Chrome and Microsoft Edge, which dominate in corporate settings – as well as popular upstarts Brave, Opera and Vivaldi. Together […] The post RSAC Fireside Chat: SquareX introduces security-infused browser extension to stop threats in real time – Source: www.lastwatchdog.com appeared first on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: www.techrepublic.com – Author: Franklin Okeke Most virtual private networks can connect to multiple or unlimited individual devices, like your phones, PCs and tablets. However, using a VPN through a router remains a more clever and comfortable way to ensure that every device in your home or office is secured, including those that originally didn't […] The post How to Install a VPN on Your Router – Source: www.techrepublic.com appeared first on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: thehackernews.com – Author: . May 22, 2024 – Newsroom – Data Security / Vulnerability Taiwanese company QNAP has rolled out fixes for a set of medium-severity flaws impacting QTS and QuTS hero, some of which could be exploited to achieve code execution on its network-attached storage (NAS) appliances. The issues, which impact QTS 5.1.x and QuTS hero h5.1.x, […] The post QNAP Patches New Flaws in QTS and QuTS hero Impacting NAS Appliances – Source: thehackernews.com appeared first on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: thehackernews.com – Author: . May 22, 2024 – Newsroom – Encryption / Quantum Computing Popular enterprise services provider Zoom has announced the rollout of post-quantum end-to-end encryption (E2EE) for Zoom Meetings, with support for Zoom Phone and Zoom Rooms coming in the future. "As adversarial threats become more sophisticated, so does the need to safeguard user data," the […] The post Zoom Adopts NIST-Approved Post-Quantum End-to-End Encryption for Meetings – Source: thehackernews.com appeared first on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: thehackernews.com – Author: . May 22, 2024 – Newsroom – Enterprise Security / Vulnerability Users of Veeam Backup Enterprise Manager are being urged to update to the latest version following the discovery of a critical security flaw that could permit an adversary to bypass authentication protections. Tracked as CVE-2024-29849 (CVSS score: 9.8), the vulnerability could allow an unauthenticated […] The post Critical Veeam Backup Enterprise Manager Flaw Allows Authentication Bypass – Source: thehackernews.com appeared first on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: go.theregister.com – Author: Team Register The US government's Advanced Research Projects Agency for Health (ARPA-H) has pledged more than $50 million to fund the development of technology that aims to automate the process of securing hospital IT environments. ARPA-H has called this program Universal PatchinG and Remediation for Autonomous DEfense, or UPGRADE for short. […] The post Uncle Sam to inject $50M into auto-patcher for hospital IT – Source: go.theregister.com appeared first on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: go.theregister.com – Author: Team Register
Zoom has rolled out what it claims is post-quantum end-to-end encryption (E2EE) for video conferencing, saying it will make it available for Phone and Rooms “soon.” This, Zoom explains, makes it “the first UCaaS company to offer a post-quantum E2EE solution for video conferencing.” That’s unified communications as a […]
The post "Zoom adds ‘post-quantum’ encryption for video nattering – Source: go.theregister.com" was first published on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: go.theregister.com – Author: Team Register
Infosec researchers are alerting the industry to a critical vulnerability in Fluent Bit, a logging component used by a swathe of blue-chip companies and all three major cloud providers. Experts at Tenable discovered the flaw (CVE-2024-4323), which can lead to denial of service (DoS) and information leakage, […]
The post "Critical Fluent Bit bug affects all major cloud providers, say researchers – Source: go.theregister.com" was first published on CISO2CISO.COM & CYBER SECURITY GROUP.
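The affected component in that Fluent Bit flaw is the agent's built-in HTTP monitoring server, and the practical interim control is to keep that listener off the network until the agent is patched. The script below is an added example written for this page, not code from Fluent Bit or from Tenable: it parses the classic INI-style Fluent Bit configuration and flags a `[SERVICE]` block that enables `http_server` on a non-loopback `http_listen` address. The two configuration snippets are constructed for the example; the weak one binds the API to every interface, the hardened one binds it to loopback only.

```python
"""Audit a classic-format Fluent Bit config for an exposed monitoring API.

Added example for this page; not Fluent Bit's own code or Tenable's checker.
The sample configs below are constructed. Only the classic INI-style format
is handled; YAML configs are out of scope here.
"""
import ipaddress

# Constructed: monitoring API bound to every interface (Fluent Bit's default
# http_listen is 0.0.0.0 and http_port 2020 when http_server is On).
WEAK_CONFIG = """\
[SERVICE]
    flush        1
    http_server  On
    http_listen  0.0.0.0
    http_port    2020

[INPUT]
    name  tail
    path  /var/log/app/*.log
"""

# Constructed: same service, API reachable from the host only.
HARDENED_CONFIG = """\
[SERVICE]
    flush        1
    http_server  On
    http_listen  127.0.0.1
    http_port    2020
"""


def parse_classic(text):
    """Parse classic Fluent Bit config into a list of (SECTION, {key: value}).

    Keys are lower-cased; '#' starts a comment; values are the rest of the line.
    """
    sections = []
    current = None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        if line.startswith("[") and line.endswith("]"):
            current = (line[1:-1].upper(), {})
            sections.append(current)
        elif current is not None:
            parts = line.split(None, 1)
            key = parts[0].lower()
            value = parts[1].strip() if len(parts) > 1 else ""
            current[1][key] = value
    return sections


def audit_monitoring_api(text):
    """Return findings for every [SERVICE] block exposing the HTTP server."""
    findings = []
    for name, kv in parse_classic(text):
        if name != "SERVICE":
            continue
        if kv.get("http_server", "off").lower() not in ("on", "true"):
            continue  # monitoring server disabled: nothing listening
        listen = kv.get("http_listen", "0.0.0.0")  # Fluent Bit default
        port = kv.get("http_port", "2020")         # Fluent Bit default
        try:
            exposed = not ipaddress.ip_address(listen).is_loopback
        except ValueError:
            exposed = listen.lower() != "localhost"  # hostname, not an IP
        if exposed:
            findings.append(
                f"HTTP monitoring server bound to {listen}:{port}; "
                "bind it to loopback or set http_server Off until patched"
            )
    return findings


if __name__ == "__main__":
    for label, cfg in (("weak", WEAK_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(label, audit_monitoring_api(cfg) or ["ok"])
```

Run it against the agent's real configuration file; a clean result only says the listener is not reachable over the network, so it complements, rather than replaces, updating the agent.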
Source: go.theregister.com – Author: Team Register
The number of new ransomware strains in circulation has more than halved over the past 12 months, suggesting there is little need for innovation given the success of the existing tools used by top gangs. Only 43 new ransomware families were observed in 2023, according to Rapid7’s research published […]
The post "With ransomware whales becoming so dominant, would-be challengers ask ‘what’s the point?’ – Source: go.theregister.com" was first published on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: www.bleepingcomputer.com – Author: Bill Toulas
A malicious crypto-mining campaign codenamed ‘REF4578’ has been discovered deploying a malicious payload named GhostEngine that uses vulnerable drivers to turn off security products and deploy an XMRig miner. Researchers at Elastic Security Labs and Antiy have highlighted the unusual sophistication of these crypto-mining attacks in separate reports and shared detection rules to help defenders […]
The post "GhostEngine mining attacks kill EDR security using vulnerable drivers – Source: www.bleepingcomputer.com" was first published on CISO2CISO.COM & CYBER SECURITY GROUP.
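The technique in that report, loading a legitimately signed but vulnerable kernel driver and then using it to kill security processes, leaves two correlated traces in standard Windows telemetry: a System-log 7045 "service installed" event for a kernel-mode driver whose image lives outside the normal driver directories, followed shortly by terminations of security-product processes. The detector below is an added example for this page, not the rules Elastic or Antiy published and not code from BleepingComputer. The event records, driver name `kdmon.sys`, service names and the list of security-product process names are all constructed assumptions; tune the process list to the EDR actually deployed.

```python
"""Correlate kernel-driver installs with security-process kills (BYOVD tell).

Added example for this page; not Elastic's or Antiy's published rules.
Input is a constructed list of Windows System 7045 (service installed) and
Sysmon 5 (process terminated) events as a SIEM would normalise them.
"""
import re
from datetime import datetime, timedelta

# Directories a legitimate kernel driver is normally loaded from.
TRUSTED_DRIVER_DIRS = (
    r"c:\windows\system32\drivers",
    r"c:\windows\system32\driverstore",
)
# Security-product processes whose death right after a driver load is the
# BYOVD signal. Assumed names; replace with the products you actually run.
SECURITY_PROCESSES = {"msmpeng.exe", "mssense.exe", "sentinelagent.exe"}
WINDOW = timedelta(minutes=5)


def normalize_image_path(raw):
    """Strip quoting and NT-style prefixes a 7045 ImagePath can carry."""
    p = raw.strip().strip('"')
    p = re.sub(r"^\\\?\?\\", "", p)                            # \??\C:\.. -> C:\..
    p = re.sub(r"^\\systemroot\\", r"c:\\windows\\", p, flags=re.I)
    return p.lower()


def suspicious_driver_install(ev):
    """Reason string if a kernel driver was installed from an untrusted path."""
    if ev["EventID"] != 7045 or "kernel" not in ev["ServiceType"].lower():
        return None
    path = normalize_image_path(ev["ImagePath"])
    if any(path.startswith(d + "\\") for d in TRUSTED_DRIVER_DIRS):
        return None
    return f"kernel driver service {ev['ServiceName']!r} installed from {path}"


def detect_byovd(events):
    """Flag untrusted driver installs; escalate if security processes die soon after."""
    events = sorted(events, key=lambda e: e["ts"])
    findings = []
    for i, ev in enumerate(events):
        reason = suspicious_driver_install(ev)
        if not reason:
            continue
        killed = [
            e["Image"].rsplit("\\", 1)[-1].lower()
            for e in events[i + 1:]
            if e["EventID"] == 5 and e["ts"] - ev["ts"] <= WINDOW
        ]
        killed = [k for k in killed if k in SECURITY_PROCESSES]
        findings.append({
            "severity": "high" if killed else "medium",
            "reason": reason,
            "killed": killed,
        })
    return findings


def _t(s):
    return datetime.fromisoformat(s)


# Constructed sample: one benign driver, one staged from Temp that is
# followed by a Defender engine kill, and one ordinary user-mode service.
SAMPLE_EVENTS = [
    {"ts": _t("2024-05-21T03:14:02"), "EventID": 7045, "ServiceName": "disk",
     "ServiceType": "kernel mode driver",
     "ImagePath": r"\SystemRoot\System32\drivers\disk.sys"},
    {"ts": _t("2024-05-21T03:15:10"), "EventID": 7045, "ServiceName": "kdmon",
     "ServiceType": "kernel mode driver",
     "ImagePath": r"\??\C:\Windows\Temp\kdmon.sys"},
    {"ts": _t("2024-05-21T03:15:12"), "EventID": 5,
     "Image": r"C:\ProgramData\Microsoft\Windows Defender\Platform\4.18\MsMpEng.exe"},
    {"ts": _t("2024-05-21T03:15:13"), "EventID": 5,
     "Image": r"C:\Windows\System32\notepad.exe"},
    {"ts": _t("2024-05-21T03:40:00"), "EventID": 7045, "ServiceName": "VendorSvc",
     "ServiceType": "user mode service",
     "ImagePath": r"C:\Program Files\Vendor\svc.exe"},
]

if __name__ == "__main__":
    for f in detect_byovd(SAMPLE_EVENTS):
        print(f["severity"], f["reason"], f["killed"])
```

The path heuristic alone is noisy (some installers legitimately stage drivers under Program Files), which is why the verdict is only raised to high when the driver load is followed by the death of a security process; a hash or signer allow-list of known-vulnerable drivers, which the page does not enumerate, would be the natural third signal.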
Source: www.bleepingcomputer.com – Author: Sergiu Gatlan
Veeam warned customers today to patch a critical security vulnerability that allows unauthenticated attackers to sign into any account via the Veeam Backup Enterprise Manager (VBEM). VBEM is a web-based platform that enables administrators to manage Veeam Backup & Replication installations via a single web console. It helps control backup […]
The post "Veeam warns of critical Backup Enterprise Manager auth bypass bug – Source: www.bleepingcomputer.com" was first published on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: www.databreachtoday.com – Artificial Intelligence & Machine Learning, Geo Focus: The United Kingdom, Geo-Specific
ICO Urges Companies to Assess Data Protection Before Releasing Products
Akshaya Asokan (asokan_akshaya) • May 21, 2024
The U.K. Information Commissioner’s Office said Snapchat brought its artificial intelligence-powered tool into compliance. (Image: Shutterstock) Instant messaging […]
The post "Snapchat Revises AI Privacy Policy Following UK ICO Probe – Source: www.databreachtoday.com" was first published on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: www.databreachtoday.com
Few Restrictions Appear to Exist, Provided Companies Behave Transparently
Mathew J. Schwartz (euroinfosec) • May 21, 2024
(Image: Shutterstock) Can individuals’ personal data and content be used by artificial intelligence firms to train their large language models without requiring users to opt in? […]
The post "Training LLMs: Questions Rise Over AI Auto Opt-In by Vendors – Source: www.databreachtoday.com" was first published on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: www.databreachtoday.com – Artificial Intelligence & Machine Learning, Next-Generation Technologies & Secure Development
Actor Said She Firmly Declined Offer From AI Firm to Serve as Voice of GPT-4o
Mathew J. Schwartz (euroinfosec) • May 21, 2024
Scarlett Johansson (Image: Gage Skidmore, via Flickr/CC) Imagine these optics: A man asks a […]
The post "Did OpenAI Illegally Mimic Scarlett Johansson’s Voice? – Source: www.databreachtoday.com" was first published on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: www.databreachtoday.com – Professional Certifications & Continuous Training, Recruitment & Reskilling Strategy, Training & Security Leadership
Tips to Get You to the Place in Your Career Where You Really Want to Be
May 21, 2024
(Image: Getty Images) LinkedIn recently released its list of the top companies to work […]
The post "How to Land Your Dream Job in Tech – Source: www.databreachtoday.com" was first published on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: www.databreachtoday.com
What are the key elements of a successful healthcare identity security program? SailPoint healthcare experts Matthew Radcliffe and Rob Sebaugh detail what to look for to accelerate your business and improve your security posture. In an interview with Information Security Media Group, the two SailPoint executives discussed: Elements of a […]
The post "Healthcare Identity Security: What to Expect From a Solution – Source: www.databreachtoday.com" was first published on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: www.databreachtoday.com
Wade Ellery, Field Chief Technology Officer, Radiant Logic
Wade Ellery is Field Chief Technology Officer and Senior Technical Evangelist with Radiant Logic. Wade has extensive experience in enterprise IT direct and channel software and services, sales and management. He has in-depth knowledge and experience in enterprise IAM, IGA, risk and compliance […]
The post "Live Webinar Today | Practical Strategies for Accelerating AI Adoption in Cybersecurity – Source: www.databreachtoday.com" was first published on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: www.databreachtoday.com – 3rd Party Risk Management, Cybercrime, Fraud Management & Cybercrime
Attackers Are Targeting the Widely Used Mirth Connect Data Integration Platform
Marianne Kolbasuk McGee (HealthInfoSec) • May 21, 2024
(Image: NextGen) Attackers are actively exploiting a vulnerability in NextGen Healthcare’s Mirth Connect product, a widely used, open-source […]
The post "CISA: NextGen Healthcare Flaw Still Exploited After 7 Months – Source: www.databreachtoday.com" was first published on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: www.databreachtoday.com – Breach Notification, HIPAA/HITECH, Security Operations
Medical Associations Ask HHS to Clarify HIPAA Duties in Change Healthcare Hack
Marianne Kolbasuk McGee (HealthInfoSec) • May 21, 2024
Industry groups want the U.S. Department of Health and Human Services to explicitly declare UnitedHealth Group solely responsible for HIPAA breach […]
The post "100 Groups Urge Feds to Put UHG on Hook for Breach Notices – Source: www.databreachtoday.com" was first published on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: www.databreachtoday.com – Governance & Risk Management, Government, Industry Specific
Technology Giants Vie for Public Sector Customers Amid Microsoft’s Recent Breaches
Chris Riotta (@chrisriotta) • May 21, 2024
Google wants Microsoft’s U.S. federal business. (Image: Shutterstock) Google is aiming to poach Microsoft’s public sector customers by attacking its competitor […]
The post "Google Urges Feds to Ditch Microsoft Over Security Concerns – Source: www.databreachtoday.com" was first published on CISO2CISO.COM & CYBER SECURITY GROUP.