Dubai, UAE – May 24, 2024 – The Cyber Express proudly announces the successful conclusion of the third edition of the World CyberCon META Edition 2024. This landmark event, hosted at Al Habtoor Palace in the heart of Dubai, attracted over 100 attendees and featured more than six hours of intensive collaboration and networking. Participants from over 20 different industries demonstrated the extensive relevance and urgency of cybersecurity in today’s interconnected world.

The conference provided a crucial platform for addressing the escalating cybersecurity threats in the UAE, which is experiencing a significant digital transformation. According to Mordor Intelligence, the UAE Cybersecurity Market is projected to grow to approximately USD 950 million by 2028, highlighting the increasing demand for effective cybersecurity measures.

[Image: People Registering for World CyberCon Meta Edition]

A standout moment of the conference was the keynote address by Irene Corpuz, a distinguished cybersecurity expert and co-founder of Women in Cyber Security Middle East. Corpuz delivered a compelling speech highlighting the increasing risks that cyberattacks pose to startup organizations, stressing that even small startups are prime targets for cybercriminals.

World CyberCon META Edition: Diverse Sessions and Expert Panels

This year’s World CyberCon showcased a diverse array of insightful sessions and expert-led panels. Among the highlights was a compelling panel discussion led by Jo Mikleus, Senior Vice President at Cyble. The panel featured an esteemed all-women lineup of cyber experts, including Irene Corpuz, Sithembile Songo, Eng. Dina AlSalamen, and Afra Mohammed Almansoori. Together, they discussed the transformative impact of AI on cybersecurity, highlighting its crucial role in advancing threat management and security measures.

[Image, L-R: Dina Alsalamen, VP, Head of Cyber and Information Security Department, Bank ABC; Irene Corpuz - Co-Founder, Women in Cyber Security Middle East; Sithembile (Nkosi) Songo - Chief Information Security Officer, ESKOM; Afra Mohammed Almansoori - Business Analyst, Digital Dubai and Jo Mikleus - Senior Vice President, Cyble Inc. (Moderator)]

The experts delved into how AI and ML technologies are transforming threat detection and response capabilities in cybersecurity. They shared use cases of behavioral analytics, anomaly detection, and automated incident response, showcasing how these technologies are being utilized to enhance security frameworks.

Celebrating Excellence: The META Cybersecurity Awards

[Image: Award Presentation]

The event also celebrated achievements within the cybersecurity community through its prestigious awards ceremony. Heartfelt congratulations go out to all awardees for their pioneering contributions to the field. The awards highlighted the excellence and innovation driving the cybersecurity sector forward.

Special thanks to our speakers, attendees, and partners, including Cyble Inc. and Synax Technologies, for their integral roles in the conference’s success. The presence and support of the Ministry of Interior (MoI) significantly enriched the discussions and outcomes of the event. We thank Mariam Alhammadi, MOI SOC Manager, and Saeed M. AlShebli, Deputy Director of Digital Security Department, for their invaluable contributions and insights.

Augustin Kurian, Editor-in-Chief at The Cyber Express, shared his appreciation, stating, “The support and engagement from the entire cybersecurity community have been truly remarkable. This year's conference was not only a resounding success in terms of knowledge sharing but also underscored Dubai's role as a prominent tech hub in the face of worldwide digital challenges. A heartfelt thank you to all our participants, and to Dubai for its exceptional hospitality.”

[Image: Augustin Kurian, Editor-in-Chief at The Cyber Express]

World CyberCon META Edition has firmly established itself as a must-attend event in the cybersecurity calendar.
The third edition of World CyberCon was a testament to the dynamic and collaborative spirit of the cybersecurity community. The conference provided a vital platform for sharing knowledge, addressing pressing challenges, and exploring innovative solutions. With its blend of expert insights, collaborative discussions, and recognition of excellence, World CyberCon continues to play a pivotal role in advancing cybersecurity resilience.

[Image: Networking during Hi-Tea]

Looking Ahead

The Cyber Express is excited to continue fostering these essential discussions in future editions. The success of this year's World CyberCon META Edition sets a high benchmark for the upcoming editions, promising even more engaging content, expert insights, and collaborative opportunities.

As the digital landscape continues to evolve, the importance of such gatherings cannot be overstated. They not only provide a space for addressing current challenges but also pave the way for future innovations and solutions in cybersecurity. For more information about World CyberCon and upcoming events, please visit thecyberexpress.com.
The Cyber Security Agency of Singapore has issued a critical alert concerning vulnerabilities in several WordPress plugins, highlighting the urgency for users to take immediate action. These WordPress plugin vulnerabilities, deemed critical, pose significant risks to website security, potentially allowing unauthorized access and exploitation by malicious actors. Security updates have been promptly released to address these critical vulnerabilities in multiple WordPress plugins. SingCERT has reported 9 critical WordPress plugin vulnerabilities and has shared the mitigation strategies to avoid exploitation by threat actors.

SingCERT Flagged Multiple WordPress Plugin Vulnerabilities

SingCERT flagged these critical WordPress vulnerabilities, including those allowing arbitrary file uploads and SQL injection. These vulnerabilities are as follows:

WordPress Copymatic AI Content Writer & Generator: Exploitation of this vulnerability (CVE-2024-31351) could enable an unauthenticated attacker to upload arbitrary files to a website, potentially compromising its integrity. The severity of this vulnerability is highlighted by its maximum CVSSv3.1 score of 10 out of 10, affecting plugin versions prior to 1.7.

Pie Register Social Sites Login (Add on): Identified with CVE-2024-4544, this plugin vulnerability allows for authentication bypass, potentially enabling unauthorized access to user accounts. With a CVSSv3.1 score of 9.8 out of 10, versions of the plugin before 1.7.8 are affected.

Hash Form Drag & Drop Form Builder: The Hash Form Drag & Drop Form Builder vulnerability (CVE-2024-5084) permits unauthenticated attackers to upload arbitrary files, facilitating remote code execution on affected sites. Its severity, rated 9.8 out of 10, affects versions of the plugin before 1.1.1.

Country State City Dropdown CF7 Plugin: The vulnerability (CVE-2024-3495) identified in this plugin allows for SQL injection, potentially compromising sensitive data stored in the website's database. The vulnerability is rated at 9.8 out of 10 and versions before 2.7.3 are affected.

WPZOOM Addons for Elementor (Templates, Widgets): This vulnerability (CVE-2024-5147) enables unauthenticated attackers to upload and execute arbitrary files on the server, posing a severe threat to website security. Versions of the plugin before 1.1.38 are vulnerable, with a CVSSv3.1 score of 9.8 out of 10.

Business Directory Plugin Easy Listing Directories: Vulnerable to SQL injection (CVE-2024-4443), this plugin allows unauthenticated attackers to extract sensitive information from the website's database. With a CVSSv3.1 score of 9.8 out of 10, versions before 6.4.3 are at risk.

UserPro Plugin: This vulnerability (CVE-2024-35700) enables attackers to escalate privileges, potentially gaining full control of the affected website. Versions of the plugin before 5.1.9 are affected, with a CVSSv3.1 score of 9.8 out of 10.

Fluent Forms Contact Form Plugin: Vulnerable versions of this plugin (CVE-2024-2771) permit privilege escalation, posing significant risks to website security. The versions prior to 5.1.17 are affected, with a CVSSv3.1 score of 9.8 out of 10. It's worth noting that this vulnerability is actively exploited.

Web Directory Free Plugin: This plugin vulnerability (CVE-2024-3552) allows unauthenticated attackers to interact directly with the website's database through SQL injection, potentially leading to data theft. Versions before 1.7.0 are affected, with a CVSSv3.1 score of 9.3 out of 10.

Mitigation Strategies for WordPress Vulnerabilities

Users and administrators using the affected versions of these WordPress plugins are strongly advised to update to the latest versions immediately to mitigate these vulnerabilities and safeguard their websites against potential exploitation. For further details and guidance on mitigation for these WordPress plugin vulnerabilities, users can refer to the respective plugin documentation and updates provided by the developers. Additionally, employing security measures such as virtual patching can provide interim protection while awaiting updates.

Ensuring the security of WordPress websites requires proactive measures, including regular updates and monitoring for vulnerabilities.
By staying informed and promptly addressing security concerns, website owners can effectively protect their online assets from potential threats. Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.
Russian hackers were found using legitimate remote monitoring and management software to spy on Ukraine and its allies. The malicious scripts required for downloading and running the RMM program on the victims’ computers are hidden among the legitimate Python code of the “Minesweeper” game from Microsoft.

The Government Computer Emergency Response Team of Ukraine (CERT-UA), operating under the State Special Communications Service, warned that Russian cybercriminals are using the legitimate SuperOps RMM software program to gain unauthorized access to Ukrainian organizations’ information systems, particularly those in the financial sector.

The Cyber Security Center of the National Bank of Ukraine (CSIRT-NBU) and CERT-UA recorded and analyzed phishing emails sent to victims with a Dropbox link containing an executable file (.SCR) that was about 33 megabytes in size. The emails were sent from the address “support@patient-docs-mail.com,” which impersonated a medical center and had the subject line “Personal Web Archive of Medical Documents.”

The .SCR file contained a Python clone of the Minesweeper game along with malicious Python code that downloads additional scripts from a remote source “anotepad.com.” The Minesweeper code contained a function named “create_license_ver” which is repurposed to decode and execute the hidden malicious code. The legitimate SuperOps RMM program is eventually downloaded and installed from a ZIP file, granting attackers remote access to the victim’s computer.

The CERT-UA found five similar files, named after financial and insurance institutions in Europe and the USA, indicating that these cyberattacks, which took place between February and March 2024, have a wide geographic reach. CERT-UA tracked this threat activity to an actor it identified as UAC-0188.

UAC-0118, also known as FRwL or FromRussiaWithLove, is a Russian state-aligned hacktivist threat actor group that emerged during the Russia-Ukraine war in 2022. They primarily targeted critical infrastructure, media, energy and government entities. FRwL has been previously linked to the use of the Vidar stealer and Somnia ransomware, which they employ as a data wiper rather than for financial gain.
While there is no direct evidence linking FRwL to the Russian Main Intelligence Directorate, it is possible that they coordinate activities with state-aligned hacktivist groups.

Possible Defense Against Ongoing Remote Monitoring Campaign

CERT-UA recommends the following:

Organizations not using SuperOps RMM should verify the absence of network activity associated with the domain names: [.]superops[.]com, [.]superops[.]ai.
Improve employee cyber hygiene.
Use and constantly update anti-virus software.
Regularly update operating systems and software.
Use strong passwords and change them regularly.
Back up important data.

Ukrainian Financial Institutions Also on Smokeloader’s Radar

The financially motivated group UAC-0006 has actively launched phishing attacks targeting Ukraine through 2023. CERT-UA reported the resurfacing of UAC-0006 in spring 2024, with hackers attempting to distribute Smokeloader, a common malware in the group’s toolkit. This threat group’s goal has primarily been to steal credentials and execute unauthorized fund transfers, posing a significant risk to financial systems.

SmokeLoader is a malicious bot application and trojan that can evade security measures to infect Windows devices. It can then install other malware, steal sensitive data and damage files, among other issues. Throughout 2023, UAC-0006 conducted several phishing campaigns against Ukraine, exploiting financial lures and using ZIP and RAR attachments to distribute Smokeloader.

CERT-UA last week issued another warning about a significant surge in UAC-0006 activity. Hackers have conducted at least two campaigns to distribute Smokeloader, displaying similar patterns to previous attacks. The latest operations involve emails with ZIP archives containing images that include executable files and Microsoft Access files with macros that execute PowerShell commands to download and run other executable files.
After initial access, the attackers download additional malware, including TALESHOT and RMS. The botnet currently consists of several hundred infected computers. CERT-UA anticipates an increase in fraudulent operations involving remote banking systems and thus, strongly recommends enhancing the security of accountants’ automated workstations and ensuring the implementation of necessary policies and protection mechanisms to reduce infection risks.
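The first CERT-UA recommendation above, verifying the absence of network activity toward the SuperOps domains, can be checked against DNS resolver logs. The following is an added example, not code from CERT-UA or The Cyber Express; the log layout (timestamp, client IP, query name, query type), the hostnames and the IP addresses are constructed for illustration.

```python
"""Flag DNS lookups for SuperOps RMM domains in a resolver log (added example)."""
import re
from collections import defaultdict

# Indicators exactly as published (defanged) in the recommendation above.
DEFANGED_INDICATORS = ["[.]superops[.]com", "[.]superops[.]ai"]


def refang(indicator):
    """Turn '[.]superops[.]com' into the bare domain suffix 'superops.com'."""
    return indicator.replace("[.]", ".").strip(".").lower()


WATCHED_SUFFIXES = tuple(refang(i) for i in DEFANGED_INDICATORS)


def matches_watched(qname, suffixes=WATCHED_SUFFIXES):
    """Return True if qname is a watched domain or any subdomain of one.

    Matching is done on whole DNS labels, so 'notsuperops.com' and
    'superops.com.cdn.example.net' do not produce false positives.
    """
    name = qname.strip().rstrip(".").lower()
    return any(name == s or name.endswith("." + s) for s in suffixes)


# Assumed log layout: <timestamp> <client-ip> <query-name> <query-type>
LOG_LINE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<client>\S+)\s+(?P<qname>\S+)\s+(?P<qtype>[A-Z]+)$"
)


def find_rmm_lookups(lines):
    """Group matching lookups by client so each host can be triaged once."""
    hits = defaultdict(list)
    for line in lines:
        m = LOG_LINE.match(line.strip())
        if not m:
            continue  # skip blank or malformed lines instead of failing
        if matches_watched(m["qname"]):
            hits[m["client"]].append((m["ts"], m["qname"].rstrip(".").lower()))
    return dict(hits)


# Constructed sample log: not real traffic.
SAMPLE_LOG = """
2024-05-27T08:01:12Z 10.0.4.17 www.example.org A
2024-05-27T08:01:15Z 10.0.4.23 agent.superops.ai. A
2024-05-27T08:02:40Z 10.0.4.23 API.SuperOps.com AAAA
2024-05-27T08:03:02Z 10.0.4.31 notsuperops.com A
2024-05-27T08:03:09Z 10.0.4.31 superops.com.cdn.example.net A
-- resolver restarted --
2024-05-27T08:05:55Z 10.0.4.40 superops.ai A
"""

if __name__ == "__main__":
    for client, lookups in sorted(find_rmm_lookups(SAMPLE_LOG.splitlines()).items()):
        print(f"{client}: {len(lookups)} lookup(s)")
        for ts, qname in lookups:
            print(f"  {ts}  {qname}")
```

In an organization that does not use SuperOps, any client listed in the output is a host to investigate; the same suffix check applies to proxy or firewall logs once the hostname field is extracted.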
Sav-Rx, a medication benefits management service provider, experienced a data breach incident that potentially exposed the personal and health information of more than 2.8 million individuals in the United States. Sav-Rx, operating under A&A Services, provides medication benefits management services to various health plans, which requires collecting and storing personal data from health plan participants and employees.

The incident was first detected on October 8, last year, when the company identified an unauthorized access to its computer network, a breach notification to the Maine Attorney General said. Sav-Rx engaged third-party cybersecurity experts to contain and investigate the breach. The affected IT systems were restored the next business day, ensuring no disruption to patient care or prescription services.

The investigation revealed that an unauthorized third party accessed non-clinical systems and obtained files containing personal and health information, such as: names, dates of birth, social security numbers, email addresses, physical addresses, phone numbers, eligibility data, and insurance identification numbers. Clinical and financial information remained secure. The breach investigation concluded on April 30, and notifications to impacted individuals were sent out beginning May 24.

Sav-Rx confirmed that the unauthorized party destroyed the acquired data and did not further disseminate it. Whether it paid a ransom in exchange for this is unclear, as Sav-Rx did not immediately respond to a comment request from The Cyber Express. Although additional details about the attackers and their motive remain under wraps, Conti ransomware group had reportedly, at the time, claimed responsibility for the attack and demanded an undisclosed amount for not publishing the leaked data.

To mitigate potential harm, the company offers two years of complimentary credit monitoring and identity theft protection through Equifax. Sav-Rx advises affected individuals to monitor their credit reports and account statements for signs of fraud or identity theft. Affected individuals can contact Sav-Rx's call center at 888-326-0815 for further assistance and information regarding credit monitoring services.
Sav-Rx implemented enhanced security measures, including 24/7 security operations, multi-factor authentication, BitLocker encryption, new firewalls, and system hardening protocols, to prevent future incidents. The company promptly notified law enforcement authorities after detecting the breach. For more information about the incident, people can visit the FAQ page on the company’s website.

Call for Class Action Against Sav-Rx Data Breach

Considering the widespread impact where the personal and health information of 2,812,336 individuals was compromised, Abington Cole + Ellery, an Oklahoma-based law firm, has initiated a class action lawsuit investigation in the Sav-Rx data breach. ACE requested victims interested in participating as a class representative in this class action against Sav-Rx to submit their details in an online form.

Ransomware Attacks on Healthcare Bleeding Billions from U.S. Economy

A recent study revealed that over the past several years, more than 500 successful ransomware attacks have impacted nearly 10,000 healthcare providers, exposing over 52 million patient records and costing the US economy $77.5 billion in downtime alone. Another study by Proofpoint and Ponemon found that 68% of respondents reported disrupted patient care due to ransomware attacks, 46% noted increased mortality rates, and 38% saw more complications in medical procedures. Additionally, ransomware attacks were linked to 42 to 67 patient deaths over five years and a 33% monthly increase in deaths among hospitalized Medicare patients.
Soon after an independent researcher exposed a vulnerability in the commercial-grade pcTattletale spyware tool that could compromise recordings, the tool’s website was hacked and defaced. The hacker claimed to have accessed at least 17TB of victim screenshots and other sensitive data, viewing the site's hacking as a personal challenge after a researcher's limited disclosure to prevent exploitation of the flaw by bad actors.

Amazon promptly placed an official lock on the site's AWS infrastructure following the hacking incident. The pcTattletale spyware's flawed architecture and its discovery demonstrate the inherent vulnerabilities present in common spyware applications, potentially impacting not just individuals but entire organizations and families.

pcTattletale Spyware Vulnerabilities and Poor-Data Handling Practices

The pcTattletale spyware tool offered a live feed of screenshots from the victim's device as its primary feature, alongside typical spyware functionalities like location tracking. However, this extensive monitoring feature, backed by poor infrastructure and data-handling practices, has also been its downfall, with data breaches exposing private data of targets.

First, a 2021 data breach incident demonstrated Insecure Direct Object Reference (IDOR) vulnerabilities in the spyware tool's domain infrastructure, potentially allowing access to sensitive data through guessable Amazon S3 URLs. Last week, researcher Eric Daigle uncovered an API bug that also potentially allowed access to sensitive data across registered devices. This vulnerability allowed unauthorized users to access private information in the form of comprehensive screen recordings.

A subsequent hack then exposed pcTattletale's backend to the public, revealing an astonishing disregard for secure practices. The hacker discovered that the spyware shipped with hardcoded AWS credentials, accessible via a hidden webshell, potentially enabling years of undetected data exfiltration. This oversight, remarkable for its simplicity and duration, underscores a major failure in the handling of user data.

pcTattletale Spyware Latest Hack

The hacker defaced pcTattletale's official site, replacing it with a writeup of the operation and links to compromised data obtained from the site's AWS infrastructure.
The vastness of the data stored by pcTattletale was found to be overwhelming, with the hacker reporting their discovery of over 17 terabytes of victim device screenshots from more than 10,000 devices, some dating back to 2018. Although the released data dump did not include these screenshots, it reportedly contained database dumps, full webroot files for the stalkerware service, and other S3 bucket contents, exposing years of sensitive information.

[Image source: archive.org]

The breach also uncovered a simple webshell hidden since at least December 2011 in the spyware's backend code. This backdoor allowed for arbitrary PHP code execution through the use of cookies, raising questions about its origin: whether it was placed by pcTattletale itself as a backdoor or by a threat actor.

The hacker later updated the defaced site to share a video, claiming it as footage of the pcTattletale founder's attempts to restore the site. It took over 20 hours for the defaced website to be taken down, with pcTattletale’s service continuing to send screenshots to the S3 bucket until Amazon officially locked down the spyware service's AWS account.

[Image source: ericdaigle.ca]

Following the official lockdown of the site's AWS infrastructure, security researcher Eric Daigle expanded his earlier limited disclosure with a step-by-step exploit of the stated flaw. He noted that while the site's attacker exploited an unrelated flaw, it was about equally trivial in its complexity.

Victims Affected by pcTattletale Spyware Data Leak

The pcTattletale data leak is particularly alarming as several organizations employed the tool to monitor employees and clients, exposing confidential information across various sectors, such as banks, law firms, educational institutes, healthcare providers, and even government agencies.
Notable instances of victims affected by the data breach, as stated by security researcher maia crimew, who explored the incident and shared data in a blog article, include:

Hotels leaking guest information such as personal data and credit card details.
Law firms exposing lawyer-client communications and client bank-routing information.
A bank revealing confidential client data.
Educational institutes such as schools and childcare centers monitoring employees or students, revealing personal data.
Healthcare providers exposing patient information.
Palestinian government agency employee monitored.
The HR department of a Boeing supplier revealing personal information of employees.
Tech companies secretly installing pcTattletale on employee devices suspected of wrongdoing, exposing internal systems and source code.
A bug bounty hunter who installed the software for pentesting, then immediately tried to uninstall it.

Concerningly, the spyware was also offered as a way for parents and spouses to keep tabs on their children and partners respectively, potentially exposing this information in the resulting breach.

[Image source: maia.crimew.gay]

Given the wide range of affected companies and the significant security lapses, security researcher maia crimew noted that pcTattletale could face severe repercussions, possibly leading to a cessation of its operations as the Federal Trade Commission (FTC) had previously ordered other US stalkerware developers to cease operations following breaches, with pcTattletale’s case poised for similar consequences.

The widespread misuse and systemic security failures of pcTattletale highlight the dangers inherent in stalkerware software and services, as well as the urgent need for stringent regulatory oversight and robust security measures over these tools to protect the data and privacy of individuals and organizations.
Optus, one of Australia's largest telecommunications companies, has lost a legal battle in the Federal Court. The Australian Federal Court has ordered the company to release an external review performed by Deloitte to investigate the cause of a significant 2022 cyberattack that led to the release of sensitive customer data. The Optus 2022 data breach resulted in the exposure of the names, dates of birth, phone numbers, and email addresses of over 10 million customers, with addresses, driver's licence or passport numbers being exposed for a portion of the affected customers.

Optus Appeal Against Sharing External Deloitte Report

The data breach incident, along with a 14-hour outage of its telecommunication services, frustrations over the availability of information/credit monitoring services and attempts of attackers to exploit the compromised data for use in SMS phishing attacks, led to intense scrutiny of the company.

[Image source: www.optus.com.au/support/cyberresponse]

The company commissioned an independent external forensic review of the cyberattack from Deloitte over its security systems, controls and processes on the advice of the then CEO Kelly Bayer Rosmarin and with the approval of its board. Bayer made the following statement over the decision:

“This review will help ensure we understand how it occurred and how we can prevent it from occurring again. It will help inform the response to the incident for Optus. This may also help others in the private and public sector where sensitive data is held and risk of cyberattack exists.”

Kelly later resigned over the incident, with Optus now being led by a new CEO, who is working to rebuild trust with customers in a 'challenging' market.

Despite the efforts of the company to deal with the data breach, the recent court decision comes after Optus appealed an earlier ruling that it must hand over the report to Slater & Gordon, the law firm pursuing a class action against the company for allegedly failing to protect its customers' personal information. Optus has not yet made a public statement regarding the Federal Court's decision.
However, the company had previously argued that the Deloitte report was commissioned to provide legal advice and therefore it was privileged. The court, however, decided that Optus had failed to prove that the dominant purpose of the report was for legal advice.

Class Action Lawsuit Against Optus and Implications of Court Ruling

Slater & Gordon, the law firm representing the affected Optus customers, has welcomed the court's decision. The law firm's class actions practice group leader, Ben Hardwick, criticized Optus's efforts to keep the report confidential, stating that it indicates the company's refusal to accept responsibility for its role in the data breach and its impact on millions of its customers.

In its April 2023 press release, the law firm's leader had stated that more than 100,000 of Optus’s current and former customers had registered for the class action, with some notable examples among the group such as:

a domestic violence victim who spent money that was intended for counselling for her children on increasing security measures around the house, including installing video cameras and extra locks on doors and windows
a former Optus customer who had previously been burgled and had his identity stolen who now suffers severe anxiety after learning his personal information had been shared online
a stalking victim who takes extreme measures to maintain her privacy, especially her address, who fears her life has genuinely been put in danger by the data breach
a woman who is now too fearful to answer the telephone after noticing an increase in scam phone calls following the Optus cyberattack, and
a retired police officer concerned that his home address may have been shared with criminals he was involved in the prosecution and incarceration of.
The press release also cited the frustration several customers expressed over alleged delays by Optus in providing details over the data breach, and reported inconsistencies in how the telecommunications giant had been treating affected customers. Some Optus registrants claimed to the law firm that they were dismissed when they sought further information from Optus, while others said that the company refused to pay for credit monitoring services on the basis that they were no longer Optus customers.

“There appears to have been a piecemeal response from Optus, rather than a coordinated approach that made sure everyone whose data was compromised is treated the same.”

The Federal Court's decision sets a significant precedent for companies involved in data breaches. It underscores the importance of transparency and accountability in such situations, and it may encourage other companies to take stronger measures to protect their customers' personal information.
Islamabad's Safe City Authority experienced a significant disruption when its online system was breached by hackers, prompting an immediate shutdown. The Safe City Islamabad Project, initiated by the PPP-led government and backed by a Chinese government concessional loan, aimed to enhance the capital's surveillance and security capabilities with the installation of 1,950 CCTV cameras, a bomb-proof command center, a 4G communication network, and advanced monitoring systems such as facial recognition technology. This unforeseen event has raised concerns over the security and the vulnerability of the system, as law enforcement officials scramble to assess the damage and restore operations.

Islamabad's Safe City Authority Breach and Initial Response

The breach revealed several systemic weaknesses within the Safe City Authority's digital infrastructure. Hackers successfully infiltrated the primary server, gaining unauthorized access to databases containing criminal records and sensitive information. While the system's firewall did issue an alert upon detecting the intrusion, the absence of backup servers and contingency plans forced a complete shutdown of the affected software and applications.

The assault compromised several integral systems, including the Complaint Management System, Criminal Management Record System, and Human Resource Management System, along with software and applications vital for the Operation Division.

[Image source: china.aiddata.org]

The compromise of these systems impacted several critical services tied to the Safe City initiative. This includes mobile applications, smart police vehicle records, police station data, video analytics, Islamabad Traffic Police, e-challan systems, and records from the operations division. Approximately 13 to 15 servers provided by the police facilitation center F-6 were also affected.

An officer highlighted to Dawn, Pakistan's largest English newspaper, that this incident was not a typical hacking scenario involving stolen login credentials. Instead, the system's vulnerability stemmed from the use of simple and common login IDs and passwords by officials, making it easier for hackers to gain access.
Additionally, many of the software and applications were found to be outdated or with expired licenses, further compromising the system's security. Despite the breach of several systems, the Safe City cameras' management system that operated independently through offline direct lines, remained secure, demonstrating the effectiveness of isolated systems in safeguarding against such attacks. Police spokesperson Taqi Jawad confirmed the intrusion as an attempted breach that triggered the firewall's alarm but stated that appropriate precautionary measures had been taken. "All logins have been closed for the past two days to change them, including those of police stations and officers at various ranks," he stated. Jawad refrained from sharing further specifics on the server shutdowns as he stated they were still pending technical feedback Controversy Over Islamabad's Safe City Authority Islamabad's Safe City project has been a source of serious controversy, with several litigations over contract transparency and cost inflation, leading the Supreme Court's order to cancel the initial contract with Huawei in 2012. The contract was later renegotiated, and the project resumed under the PMLN (Pakistan Muslim League) government, with the command center becoming operational in 2016. By 2016, 1,805 cameras were installed, and as of 2021, 95% remained functional. Despite the extensive infrastructure, police sources claimed in 2022 that the system had not prevented any incidents or facilitated any arrests, raising questions about its effectiveness. Due to financial strain, Pakistan and China Eximbank signed several debt suspension agreements from July 2020 to December 2021, temporarily suspending principal and interest payments under the concessional loan agreement. Tragically, the project's director was found dead in July 2022 in an apparent suicide. 
The successful breach of the authority's systems draws additional controversy towards the project, which was intended to be a cornerstone of Islamabad's security infrastructure but has encountered several operational, legal, and financial setbacks. Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.
The Cyber Express World CyberCon 3.0 META cybersecurity conference in Dubai was a standout event, showcasing significant achievements in cybersecurity with its prestigious META Awards. Hosted at Al Habtoor Palace, the awards ceremony gathered top talent from the cybersecurity sector, honoring individuals and organizations that have significantly enhanced cyber defenses across the META region. Among the esteemed awardees, Thomas Heuckeroth from Emirates Group and Dr. Hoda A. Alkhzaimi from EMaratsec were recognized as The Cyber Express Cybersecurity Persons of 2024 for their exceptional contributions. Here is the complete list of all other winners:
The Cyber Express Cybersecurity Person of 2024 (META): Man
Thomas Heuckeroth, SVP IT Infrastructure & Digital Platforms, Emirates Group
(L-R: Beenu Arora, Co-Founder and CEO, Cyble Inc., Thomas Heuckeroth, SVP IT Infrastructure & Digital Platforms, Emirates Group and Jo Mikleus, Senior Vice President, Cyble Inc.)
The Cyber Express Cybersecurity Person of 2024 (META): Woman
Dr. Hoda A Alkhzaimi, EMaratsec
The Cyber Express Cybersecurity Diversity and Inclusion Advocates of 2024
Yana Li, WebBeds
Dina AlSalamen, Bank ABC (Jordan)
Rudy Shoushany, DxTalks
Aus Alzubaidi, MBC Group
Saltanat Mashirova, Honeywell
The Cyber Express Infosec Guardians of 2024 (BFSI)
Anthony Sweeney, Deribit
Bipin Mehta, HSBC Bank
Syed Muhammad Ali Naqvi, HBL Bank
Kiran Kumar PG, Alpheya
Ahmed Nabil Mahmoud, Abu Dhabi Islamic Bank
The Cyber Express Infosec Guardians of 2024 (Government & Critical Entities)
Talal AlBalas, Abu Dhabi Quality and Conformity Council (ADQCC)
Abdulwahab Abdullah Algamhi, UAE ICP
Vinoth Inbasekaran, Dubai Government Entity - Alpha Data
Dr Hamad Khalifa Alnuaimi, Abu Dhabi Police
Dr Saeed Almarri, Dubai Police
The Cyber Express Top Cybersecurity Influencers of 2024
Dr. Mohammad Al Hassan, Abu Dhabi University
Maryam Eissa Alhammadi, Ministry of Interior
Hadi Anwar, CPX
Waqas Haider, HBL Microfinance Bank
Chenthil Kumar, Red Sea International
Nishu Mittal, Emirates NBD
Nisha Rani, Emirates Leisure Retail
The Cyber Express Top InfoSec Leaders 2024
Mohamad Mahjoub, Veolia Near and Middle East
Ankit Satsangi, Beeah Group
Gokul Vasudev, Dubai Health Authority
Ashish Khanna, SHARAF GROUP
Abhilash Radhadevi, Oq Trading
Prashant Nair, Airtel Africa PLC
The Cyber Express Top Infosec Entrepreneurs 2024
May Brooks Kempler, Helena
Illyas Kooliyankal, CyberShelter
Kazi Monirul, Spider Digital
Muneeb Anjum, AHAD
Craig Bird, CloudTech24
Zaqiuddin Khan, Tech Experts LLC
Alireza Shaban ghahrod, Diyako Secure Bow
Insightful Discussions and Networking
The awards set a celebratory tone that carried through the rest of the conference. The day commenced with a vibrant atmosphere as attendees gathered for registration and explored the exhibition area, setting the stage for a day of insightful discussions and networking opportunities. Augustin Kurian, Editor-in-Chief of The Cyber Express, extended a warm welcome, emphasizing the importance of collaborative efforts in cultivating a secure cyber environment.
Keynote and Panel Sessions
Irene Corpuz, Co-Founder of Women in Cybersecurity Middle East, delivered the opening keynote, shedding light on the imperative of incubating security and nurturing a cyber-aware culture, particularly within startup ecosystems. Corpuz's address highlighted the significance of proactive measures in addressing cybersecurity challenges from the outset. Panel discussions served as focal points for in-depth exploration of key cybersecurity issues. From navigating cyber threats to leveraging innovative approaches for threat detection, industry experts provided valuable insights into emerging trends and strategic investments in cybersecurity. Notable panelists included Waqas Haider of HBL Microfinance Bank, Beenu Arora of Cyble, and Azhar Zahiruddin of Chalhoub Group, among others.
Diversity and Inclusion
The Cyber Express's World CyberCon META Edition event also celebrated diversity and inclusion in cybersecurity, honoring advocates who have championed these principles within their respective domains. Yana Li of WebBeds and Dina AlSalamen of Bank ABC were among the esteemed recipients of The Cyber Express Cybersecurity Diversity and Inclusion Advocates of 2024 award, acknowledging their efforts in fostering an inclusive cyber community. Strategic insights were further highlighted during panel discussions focusing on fortifying against ransomware and the role of AI and ML in enhancing threat detection. Expert moderators facilitated engaging conversations, addressing critical challenges and sharing best practices for prevention, mitigation, and swift recovery.
Conclusion
The Cyber Express World CyberCon 3.0 META Cybersecurity Conference successfully raised the bar for the collective dedication of cybersecurity professionals in the META region. By fostering dialogue, sharing insights, and recognizing excellence, the event played an important role in advancing cybersecurity resilience and shaping the future of cybersecurity across industries. The Cyber Express awards recognized the hard work and innovative solutions of the finest brains in cybersecurity, emphasizing the message that collaborative and proactive actions are critical to protecting our digital future.
The notorious Russian Cyber Army hacker group has allegedly claimed the Bulgarian Ports Infrastructure Company cyberattack. The threat actor asserts a targeted assault on the organization’s website. While the hacker group asserts the website's downtime, initial observations contradict this claim, indicating that the site remains operational without visible signs of a cyber onslaught. The Cyber Express has reached out to the Bulgarian Ports Infrastructure Company to verify the claims of the cyberattack incident. However, at the time of writing this, no official statement or response has been forthcoming, leaving the veracity of the claims surrounding the Bulgarian Ports Infrastructure Company cyberattack unconfirmed.
Russian Cyber Army Asserts Bulgarian Ports Infrastructure Company Cyberattack
Contrary to typical cyberattacks that result in website defacements or distributed denial-of-service (DDoS) disruptions, the purported assault by the Russian Cyber Army appears to have had minimal impact, if any, on the targeted website's operations. This suggests a potentially brief and ineffective attack, diverging from the more disruptive tactics commonly associated with cyber warfare.
Talking about the Bulgarian Ports Infrastructure Company cyberattack in its post, the Russian Cyber Army states that they are attacking the “State Enterprise “Port Infrastructure” (IF)”, which is the territorial authority of the Bulgarian ports, for public transport, providing traffic management and delivery information services. The Russian Cyber Army's recent activities have garnered attention, including a peculiar interview conducted by WIRED with a purported spokesperson known as "Julia." The interview sheds light on the group's motivations, which ostensibly revolve around defending Russian interests in the face of perceived external pressure from the United States, the European Union, and Ukraine.
Who is the Russian Cyber Army Hacker Group?
While the Russian Cyber Army portrays itself as a formidable force in the information warfare arena, experts caution against overestimating its influence, suggesting that the group's actions may primarily serve to bolster nationalist sentiments domestically rather than exert significant influence abroad. Moreover, the group's exposure by cybersecurity firms and government agencies highlights its emergence as a noteworthy entity on the global stage. Despite the hype surrounding the Russian Cyber Army's activities, analysts warn against succumbing to fear-mongering tactics, emphasizing the need for measured responses to cyber threats.
As for the Bulgarian Ports Infrastructure Company cyberattack, this is an ongoing story and The Cyber Express will be closely monitoring the situation. We'll update this post once we have more information on the alleged Bulgarian Ports Infrastructure Company cyberattack or any official confirmation from the organization.
Bitdefender has launched the AI scam detector, Scamio, on WhatsApp in Australia. This innovative integration empowered Australians to utilize WhatsApp as a platform for efficiently verifying online scams and fraud instances. Bitdefender Scamio aims to address rising concerns surrounding online scams by providing a highly accessible and user-friendly tool directly within WhatsApp. Users could interact with the chatbot by submitting questionable content and conversationally describing the context.
Bitdefender’s Scamio is Now Available on WhatsApp in Australia
Bitdefender Scamio is an AI-driven chatbot that analyzes data and provides a verdict within seconds, along with recommendations for further action. Additionally, with this latest integration with WhatsApp, over 7.4M Australian users can use Scamio as their personal scam checker.
The integration of Bitdefender’s Scamio with WhatsApp was a strategic response to the increasing use of artificial intelligence by malicious actors. Scammers were exploiting popular messaging apps and online services to steal money, credentials, and personal data. By integrating Scamio into WhatsApp, Bitdefender aimed to disrupt these criminal activities by offering a sophisticated tool capable of keeping pace with online scam tactics. The enhanced accessibility provided by this feature aimed to provide an additional layer of security for Australians, who were disproportionately targeted by online fraudsters. Having Scamio available within WhatsApp streamlined the scam verification process for everyday users, reducing the time and effort required to identify potential scams.
How to use Bitdefender’s Scamio for Scam Detection?
In the USA and other countries, online scams remained a major concern, with the number of internet fraud reports rising in recent years. Phishing and online shopping scams were among the most common types reported. To combat this issue, governments intensified efforts to inform the public and assist in preventing internet fraud and scams.
Scamio, Bitdefender's next-gen AI chatbot, combined artificial intelligence with exceptional threat-detection algorithms, machine learning, pattern recognition, and advanced data analysis techniques to identify even the most sophisticated scams. Accessible on any device without requiring installation, Scamio helped users quickly verify suspicious links, text messages, emails, and QR codes, all for free. To use this chatbot, users could access the web app or add it as a contact on WhatsApp or Facebook Messenger. Once logged in, users could describe scam details, copy and paste texts or links, or upload pictures or screenshots of deceptive messages. Scamio then analyzed the material and provided recommendations to ensure users didn't fall victim to cybercriminals.
Cisco states that there are no workarounds that address this vulnerability. The IT giant has confirmed that this vulnerability does not affect Adaptive Security Appliance (ASA) Software or Firepower Threat Defense (FTD) Software.
CERT-UA reports that research following the initial discovery of this attack revealed at least five potential breaches by the same files in financial and insurance institutions across Europe and the United States.
Cloud applications and SaaS tools have countless configuration options that are often poorly documented and can change frequently, making it difficult to ensure they are securely configured.
Researchers at Trellix Advanced Research Center spotted fake AV sites used to distribute info-stealers. The malicious websites hosted sophisticated malicious files such as APK, EXE, and Inno setup installer, including spying and stealer capabilities.
Europe’s leading research universities should work more closely with the continent’s intelligence agencies to help secure their research from being stolen by hostile states, EU member states recommended this week.
According to a report by Malwarebytes, cybercriminals prepared for the product launch, setting up malicious advertisements on Google Search to lure users looking to download the new web browser.
Fail2Ban is an open-source tool that monitors log files and blocks IP addresses that exhibit repeated failed login attempts. It does this by updating firewall rules to reject new connections from those IP addresses for a configurable amount of time.
Attackers could have exploited a now-mitigated critical vulnerability in the Replicate artificial intelligence platform to access private AI models and sensitive data, including proprietary knowledge and personally identifiable information.
An investigation into Stark Industries reveals it is being used as a global proxy network that conceals the true source of cyberattacks and disinformation campaigns against enemies of Russia.
The Australian Communications and Media Authority said it has filed proceedings against Optus in a federal court as the company failed to protect sensitive customer data during a data breach in September 2022 that affected close to 10 million people.
In the report published on May 23, VulnCheck showed that 30 out of 59 known exploited vulnerabilities (KEVs) registered since February 12 have not yet been analyzed by the NVD team.
Cybersecurity researchers at Datadog Security Labs discovered malicious software packages targeting macOS users through the Python Package Index (PyPI) and NPM repository.
The frequency and severity of attacks are increasing—yet most businesses remain unprepared, according to VikingCloud. Between a growing talent shortage, alert fatigue, and new sophisticated attack methods, companies are more susceptible than ever.
Debian Linux Security Advisory 5698-1 - Multiple security issues were found in Rack, an interface for developing web applications in Ruby, which could result in denial of service.
Debian Linux Security Advisory 5697-1 - A security issue was discovered in Chromium, which could result in the execution of arbitrary code, denial of service or information disclosure. Google is aware that an exploit for CVE-2024-5274 exists in the wild.
Red Hat Security Advisory 2024-2875-03 - Red Hat OpenShift Container Platform release 4.13.42 is now available with updates to packages and images that fix several bugs and add enhancements. Issues addressed include HTTP request smuggling and denial of service vulnerabilities.
Red Hat Security Advisory 2024-2869-03 - Red Hat OpenShift Container Platform release 4.14.26 is now available with updates to packages and images that fix several bugs and add enhancements.
Cybersecurity researchers are warning of phishing campaigns that abuse Cloudflare Workers to serve phishing sites that are used to harvest users' credentials associated with Microsoft, Gmail, Yahoo!, and cPanel Webmail. The attack method, called transparent phishing or adversary-in-the-middle (AitM) phishing, "uses Cloudflare Workers to act as a reverse proxy server for a
The Pakistan-nexus Transparent Tribe actor has been linked to a new set of attacks targeting Indian government, defense, and aerospace sectors using cross-platform malware written in Python, Golang, and Rust. "This cluster of activity spanned from late 2023 to April 2024 and is anticipated to persist," the BlackBerry Research and Intelligence Team said in a technical report
Microsoft is calling attention to a Morocco-based cybercrime group dubbed Storm-0539 that's behind gift card fraud and theft through highly sophisticated email and SMS phishing attacks. "Their primary motivation is to steal gift cards and profit by selling them online at a discounted rate," the company said in its latest Cyber Signals report. "We've seen some examples where
The transition to the cloud, poor password hygiene and the evolution in webpage technologies have all enabled the rise in phishing attacks. But despite sincere efforts by security stakeholders to mitigate them - through email protection, firewall rules and employee education - phishing attacks are still a very risky attack vector. A new report by LayerX explores the state of
Source: securelist.com – Author: CFR team. Marketplace fraud is nothing new. Cybercriminals swindle money out of buyers and sellers alike. Lately, we’ve seen a proliferation of cybergangs operating under the Fraud-as-a-Service model and specializing in tricking users of online marketplaces, in particular, message boards. Criminals are forever inventing new schemes for stealing personal data and […] The post Message board scams – Source: securelist.com first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: securelist.com – Author: Kaspersky ICS CERT. Global statistics: Statistics across all threats. In the first quarter of 2024, the percentage of ICS computers on which malicious objects were blocked decreased by 0.3 pp from the previous quarter to 24.4%. Compared to the first quarter of 2023, the percentage decreased by 1.3 pp. Percentage of ICS […] The post Threat landscape for industrial automation systems, Q1 2024 – Source: securelist.com first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: www.proofpoint.com – Author: 1 Chief information security officers around the globe “are nervously looking over the horizon,” according to a survey of 1,600 CISOs that found more than two thirds (70 percent) worry their organization is at risk of a material cyber attack over the next 12 months. This is compared to 68 percent […] The post 70% of CISOs worry their org is at risk of a material cyber attack – Source: www.proofpoint.com first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: www.proofpoint.com – Author: 1 Size matters, at least when it comes to cybersecurity. That’s according to Ryan Kalember, chief […] The post Identity vulnerabilities a concern at Microsoft, outside researcher claims – Source: www.proofpoint.com first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: www.darkreading.com – Author: Ericka Chickowski, Contributing Writer. It takes a complex coordination of law enforcement, judicial processes, and technical capabilities in order to truly disrupt cybercrime. What’s more, all of this work has to be able to cut across barriers of language, culture, and geopolitical divides. So […] The post 6 Facts About How Interpol Fights Cybercrime – Source: www.darkreading.com first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: www.darkreading.com – Author: Jai Vijayan, Contributing Writer. Microsoft’s plans to introduce a “Recall” feature powered by artificial intelligence in its Copilot+ PCs lineup have evoked considerable privacy concerns. But the extent to which these concerns are fully justified remains a somewhat open question at the moment. Recall is technology […] The post Microsoft’s ‘Recall’ Feature Draws Criticism From Privacy Advocates – Source: www.darkreading.com first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: www.darkreading.com – Author: PRESS RELEASE. NEW YORK, May 21, 2024 /PRNewswire/ — Claroty, the cyber-physical systems (CPS) protection company, today announced new proprietary data revealing that 13% of the most mission-critical operational technology (OT) assets have an insecure internet connection, and 36% of those contain at least one Known Exploited Vulnerability (KEV), making them both remotely accessible […] The post Research From Claroty’s Team82 Highlights Remote Access Risks Facing Mission-Critical OT Assets – Source: www.darkreading.com first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: www.darkreading.com – Author: Dark Reading Staff. Gipy, a newly discovered campaign using a strain of infostealer malware, is targeting users in Germany, Russia, Spain, and Taiwan with phishing lures promising an AI voice changing application. Researchers at Kaspersky said Gipy malware first emerged in early […] The post AI Voice Generator App Used to Drop Gipy Malware – Source: www.darkreading.com first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: www.darkreading.com – Author: Dark Reading Staff. Google has released an update from its Chrome team for a high-severity security flaw, tracked as CVE-2024-5274, that actively exists in the wild. The bug is classified as critical and is a type confusion vulnerability in the […] The post Google Discovers Fourth Zero-Day in Less Than a Month – Source: www.darkreading.com first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.